Remove Wowcraft.b. Description and removal instructions

 
Title: Wowcraft.b

Type: Trojans
Severity scale: 57 / 100
 
Wowcraft.b is a trojan designed to steal passwords used in the popular computer game "World of Warcraft" and send them to its author by e-mail. It can also record user keystrokes, terminate running antivirus programs and kill security-related processes. Once executed, Wowcraft.b creates several files and modifies the Windows registry so that it runs automatically on every system startup.


Wowcraft.b properties:
• Sends out logs by FTP or email
• Logs keystrokes
• Hides from the user
• Stays resident in background

Wowcraft.b manual removal:

Kill processes:
debugprogram.exe, exeroute.exe, smss.exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\torjan program=%Windir%\smss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\torjan program=%Windir%\smss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell=explorer.exe 1
HKEY_CLASSES_ROOT\.bfc\ShellNew\Ccommand=%System%\rundll32.com %System%\syncui.dll,Briefcase_Create %2!d! %1
HKEY_CLASSES_ROOT\.exe\(Default)=winfiles
HKEY_CLASSES_ROOT\.lnk\ShellNew\Command=rundll32.com appwiz.cpl,NewLinkHere %1
HKEY_CLASSES_ROOT\cplfile\Shell\cplopen\Command\(Default)=rundll32.com shell32.dll,Control_RunDLL %1,%*
HKEY_CLASSES_ROOT\dunfile\Shell\Open\Command\(Default)=%System%\rundll32.com netshell.dll,InvokeDunFile %1
HKEY_CLASSES_ROOT\file\Shell\Open\Command\(Default)=rundll32.com url.dll,FileProtocolHandler %1
HKEY_CLASSES_ROOT\htmlfile\Shell\OpenNew\Command\(Default)=C:\Program Files\Common Files\iexplore.pif
HKEY_CLASSES_ROOT\http\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif -nohome
HKEY_CLASSES_ROOT\inffile\Shell\Install\Command\(Default)=%System%\rundll32.com setupapi,InstallHinfSection DefaultInstall 132 %1
HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command\(Default)=%Windir%\exeroute.exe %1 %*
HKEY_CLASSES_ROOT\InternetShortcut\Shell\Open\Command\(Default)=finder.com shdocvw.dll,OpenURL %l
HKEY_CLASSES_ROOT\scrfile\Shell\Install\Command\(Default)=finder.com desk.cpl,InstallScreenSaver %l
HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\Command\(Default)=%System%\finder.com %System%\scrobj.dll,GenerateTypeLib %1
HKEY_CLASSES_ROOT\telnet\Shell\Open\Command\(Default)=finder.com url.dll,TelnetProtocolHandler %l
HKEY_CLASSES_ROOT\Unknown\Shell\OpenAs\Command\(Default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\Shell\Open\Command\(Default)=C:\Program Files\Internet Explorer\iexplore.com %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\Shell\Find\Command\(Default)=%Windir%\explorer.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dunfile\Shell\Open\Command\(Default)=%System%\rundll32.comnetshell.dll,InvokeDunFile %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\Shell\Open\Command\(Default)=C:\Program Files\Internet Explorer\iexplore.com %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif -nohome
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\Shell\Install\Command\(Default)=%System%\rundll32.com setupapi,InstallHinfSection, DefaultInstall 132 %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell\Open\Command\(Default)=finder.com shdocvw.dll,OpenURL %l
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\Shell\Install\Command\(Default)=finder.com desk.cpl,InstallScreenSaver %l
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Shell\Openas\Command\(Default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\iexplore.pif\Shell\Open\Command\(Default)=C:\Program Files\Common Files\iexplore.pif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSInfo\ToolSets\MSInfo\hdwwiz\command=%System%\command.pif
Delete files:
debugprogram.exe, exeroute.exe, smss.exe, dxdiag.com, explorer.com, finder.com, iexplore.com, msconfig.com, regedit.com, rundll32.com, 1.com, command.pif, iexplore.pif, msconfig.sys
Misc:
Wowcraft.b usually does not install all of the listed files and registry entries; it creates only a few of them.

Exact file location:
debugprogram.exe - C:\Windows\Debug or C:\Winnt\Debug
exeroute.exe, smss.exe, explorer.com, 1.com - C:\Windows or C:\Winnt
finder.com - C:\Windows, C:\Winnt, C:\Windows\System, C:\Windows\System32, C:\Winnt\System32
dxdiag.com, msconfig.com, regedit.com, rundll32.com, command.pif - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
iexplore.com - C:\Program Files\Common Files
iexplore.pif - C:\Program Files\Internet Explorer
msconfig.sys - C:
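
Because only some of the listed entries are present on any given machine, it helps to check which ones exist before deleting anything. The following is an added example, not part of the original removal instructions: it reads the text of a regedit export and reports command handlers and Run values that launch one of the file names listed above, plus the .exe class redirect. The sample export is constructed, and the function names are hypothetical.

```python
import re

# File names from the page's "Delete files" list. smss.exe is also the name of a
# genuine Windows binary in System32, but it does not belong in Run or handler values.
DROPPED = {"debugprogram.exe", "exeroute.exe", "smss.exe", "dxdiag.com",
           "explorer.com", "finder.com", "iexplore.com", "msconfig.com",
           "regedit.com", "rundll32.com", "1.com", "command.pif",
           "iexplore.pif", "msconfig.sys"}
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")="(.*)"$')
PROGRAM_RE = re.compile(r'([^\\/"\s]+\.(?:exe|com|pif|sys))\b')

# Constructed sample in regedit export syntax (not captured from a real system).
SAMPLE = r'''[HKEY_CLASSES_ROOT\.exe]
@="winfiles"
[HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command]
@="C:\\WINDOWS\\exeroute.exe %1 %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\http\Shell\Open\Command]
@="C:\\Program Files\\Common Files\\iexplore.pif -nohome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"torjan program"="C:\\WINDOWS\\smss.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def parse_reg(text):
    """Return (key, value name, unescaped string data) for each string value."""
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            out.append((key, name or "(Default)", re.sub(r'\\(.)', r'\1', data)))
    return out

def audit(text):
    """Flag the .exe class redirect and any value that launches a listed file."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.upper() == r"HKEY_CLASSES_ROOT\.EXE" and name == "(Default)":
            if data.lower() != "exefile":  # exefile is the Windows default
                findings.append((key, name, "exe class redirected to " + data))
            continue
        m = PROGRAM_RE.search(data.lower())
        if m and m.group(1) in DROPPED:
            findings.append((key, name, "launches " + m.group(1)))
    return findings
```

A flagged .exe default has to be set back to exefile, the Windows default, so that programs still start once exeroute.exe is gone.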

Other programs to remove Wowcraft.b:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 23/10/05
Information updated: 23/10/05
