Remove Wowcraft.b. Description and removal instructions
Wowcraft.b properties: • Sends out logs by FTP or email • Logs keystrokes • Hides from the user • Stays resident in background Automatic Wowcraft.b removal:remover for Wowcraft.b
Wowcraft.b manual removal:Kill processes:debugprogram.exe, exeroute.exe, smss.exe Delete registry values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\torjan program=%Windir%\smss.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\torjan program=%Windir%\smss.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell=explorer.exe 1 HKEY_CLASSES_ROOT\.bfc\ShellNew\Ccommand=%System%\rundll32.com %System%\syncui.dll,Briefcase_Create %2!d! %1 HKEY_CLASSES_ROOT\.exe\(Default)=winfiles HKEY_CLASSES_ROOT\.lnk\ShellNew\Command=rundll32.com appwiz.cpl,NewLinkHere %1 HKEY_CLASSES_ROOT\cplfile\Shell\cplopen\Command\(Default)=rundll32.com shell32.dll,Control_RunDLL %1,%* HKEY_CLASSES_ROOT\dunfile\Shell\Open\Command\(Default)=%System%\rundll32.com netshell.dll,InvokeDunFile %1 HKEY_CLASSES_ROOT\file\Shell\Open\Command\(Default)=rundll32.com url.dll,FileProtocolHandler %1 HKEY_CLASSES_ROOT\htmlfile\Shell\OpenNew\Command\(Default)=C:\Program Files\Common Files\iexplore.pif HKEY_CLASSES_ROOT\http\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif -nohome HKEY_CLASSES_ROOT\inffile\Shell\Install\Command\(Default)=%System%\rundll32.com setupapi,InstallHinfSection DefaultInstall 132 %1 HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command\(Default)=%Windir%\exeroute.exe %1 %* HKEY_CLASSES_ROOT\InternetShortcut\Shell\Open\Command\(Default)=finder.com shdocvw.dll,OpenURL %l HKEY_CLASSES_ROOT\scrfile\Shell\Install\Command\(Default)=finder.com desk.cpl,InstallScreenSaver %l HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\Command\(Default)=%System%\finder.com %System%\scrobj.dll,GenerateTypeLib %1 HKEY_CLASSES_ROOT\telnet\Shell\Open\Command\(Default)=finder.com url.dll,TelnetProtocolHandler %l HKEY_CLASSES_ROOT\Unknown\Shell\OpenAs\Command\(Default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\Shell\Open\Command\(Default)=C:\Program Files\Internet Explorer\iexplore.com %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\Shell\Find\Command\(Default)=%Windir%\explorer.com HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dunfile\Shell\Open\Command\(Default)=%System%\rundll32.comnetshell.dll,InvokeDunFile %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\Shell\Open\Command\(Default)=C:\Program Files\Internet Explorer\iexplore.com %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif -nohome HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\Shell\Install\Command\(Default)=%System%\rundll32.com setupapi,InstallHinfSection, DefaultInstall 132 %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell\Open\Command\(Default)=finder.com shdocvw.dll,OpenURL %l HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\Shell\Install\Command\(Default)=finder.com desk.cpl,InstallScreenSaver %l HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Shell\Openas\Command\(Default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1 HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\iexplore.pif\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSInfo\ToolSets\MSInfo\hdwwiz\command=%System%\command.pif Delete files: debugprogram.exe, exeroute.exe, smss.exe, dxdiag.com, explorer.com, finder.com, iexplore.com, msconfig.com, regedit.com, rundll32.com, 1.com, command.pif, iexplore.pif, msconfig.sys Misc: Wowcraft.b usually does not install all the listed files and registry entries, but creates only few of them. Exact file location: debugprogram.exe - C:\Windows\Debug or C:\Winnt\Debug exeroute.exe, smss.exe, explorer.com, 1.com - C:\Windows or C:\Winnt finder.com - C:\Windows, C:\Winnt, C:\Windows\System, C:\Windows\System32, C:\Winnt\System32 dxdiag.com, msconfig.com, regedit.com, rundll32.com, command.pif - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32 iexplore.com - C:\Program Files\Common Files iexplore.pif - C:\Program Files\Internet Explorer msconfig.sys - C: Other programs to remove Wowcraft.b:• Malwarebytes Anti Malware - Review - Download• Malwarebytes Anti Malware - Review - Download • Windows Defender - Review - Download Information added: 23/10/05 Information updated: 23/10/05 Additional resources related to Wowcraft.b:Attention: If you know or you have a website or page about Wowcraft.b removal, feel free to add a link to this list: add url
more resources Post Comment:Attention: Use this form only if you have additional information about Wowcraft.b parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
|
Latest spyware news:
 Rogue security applications impersonate leading anti-virus manufacturers Attack of Waledac Worm is schedulled on July 4 Another Parasite Attack Spreads Via Twitter Free security product vets Twitter links Mac trojan targets game sites to infect users Security Threat at Fanny Mae Some web sites to avoid for today British Government will track all e-mail's YOUR SISTER NAKED LOLZ com “intervalhehehe” popupSubscribe to news 
Similar parasites:
|
FORUM:
HELP:
