 Remove Wowcraft.d. Description and removal instructions
Related files: debugprogram.exe, exeroute.exe, winlogon.exe, dxdiag.com, explorer.com, finder.com, iexplore.com, msconfig.com, regedit.com, rundll32.com, 1.com, command.pif, iexplore.pif, pagefile.pif Wowcraft.d properties: • Logs keystrokes • Connects itself to the internet • Hides from the user • Stays resident in background Automatic Wowcraft.d removal:remover for Wowcraft.d
Wowcraft.d manual removal:Kill processes:debugprogram.exe, exeroute.exe, winlogon.exe Delete registry values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Run\Torjan Program HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\RunServices\Torjan Program HKEY_CLASSES_ROOT\.bfc\ShellNew\Command=%System%\rundll32.com appwiz.cpl,NewLinkHere %1 HKEY_CLASSES_ROOT\.bfc\ShellNew\Command=%System%\rundll32.com syncui.dll,Briefcase_Create %1!d! HKEY_CLASSES_ROOT\.exe\(default)=winfiles HKEY_CLASSES_ROOT\Applications\iexplore.exe\Shell\Open\Command\(default)=C:\Program Files\Common Files\Internet Explorer\iexplore.com %1 HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command\(default)=C:\Program Files\Internet Explorer\iexplore.com HKEY_CLASSES_ROOT\cplfile\Shell\cplopen\Command\(default)=rundll32.com shell32.dll,Control_RunDLL %1,%* HKEY_CLASSES_ROOT\Drive\Shell\Find\Command\(default)=%Windir%\explorer.com HKEY_CLASSES_ROOT\dunfile\Shell\Open\Command\(default)=%System%\rundll32.com netshell.dll,InvokeDunFile %1 HKEY_CLASSES_ROOT\ftp\Shell\Open\Command\(default)=C:\Program Files\Common Files\Internet Explorer\iexplore.com %1 HKEY_CLASSES_ROOT\htmlfile\Shell\Open\Command\(default)=C:\Program Files\Common Files\Internet Explorer\iexplore.com -nohome HKEY_CLASSES_ROOT\htmlfile\Shell\opennew\Command\(default)=C:\Program Files\Common Files\iexplore.pif %1 HKEY_CLASSES_ROOT\htmlfile\Shell\Print\Command\(default)=rundll32.com %System%\mshtml.dll,PrintHTML %1 HKEY_CLASSES_ROOT\http\Shell\opennew\Command\(default)=C:\Program Files\Common Files\iexplore.pif -nohome HKEY_CLASSES_ROOT\inffile\Shell\Install\Command\(default)=%System%\rundll32.com setupapi,InstallHinfSection DefaultInstall 132 %1 HKEY_CLASSES_ROOT\InternetShortcut\Shell\Open\Command\(default)=finder.com shdocvw.dll,OpenURL %l HKEY_CLASSES_ROOT\scrfile\Shell\Install\Command\(default)=finder.com desk.cpl,InstallScreenSaver %l HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\Command\(default)=%System%\finder.com %System%\scrobj.dll,GenerateTypeLib %1 HKEY_CLASSES_ROOT\Telnet\Shell\Open\Command\(default)=finder.com url.dll,TelnetProtocolHandler %1 HKEY_CLASSES_ROOT\Unknown\Shell\OpenAs\Command\(default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1 HKEY_CLASSES_ROOT\winfiles\DefaultIcon\(default)=%1 HKEY_CLASSES_ROOT\winfiles\Open\Command\(default)=%Windir%\exeroute.exe %1 %* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dunfile\Shell\Open\Command\(default)=%System%\rundll32.com netshell.dll,InvokeDunFile %1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\Shell\Open\Command\(default)=C:\Program Files\Common Files\Internet Explorer\iexplore.com -nohome HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\Shell\opennew\Command\(default)=C:\Program Files\Common Files\iexplore.pif -nohome HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\Shell\Open\Command\(default)=finder.com shdocvw.dll,OpenURL %l HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\Shell\Install\Command\(default)=finder.com desk.cpl,InstallScreenSaver %l HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\Shell\OpenAs\Command\(default)=%System%\finder.com %System%\shell32.dll,OpenAs_RunDLL %1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe 1 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Check_Associations=No Delete files: debugprogram.exe, exeroute.exe, winlogon.exe, dxdiag.com, explorer.com, finder.com, iexplore.com, msconfig.com, regedit.com, rundll32.com, 1.com, command.pif, iexplore.pif, pagefile.pif Misc: Exact file location: iexplore.pif - C:\Program Files\Common Files iexplore.com - C:\Program Files\Internet Explorer debugprogram.exe - C:\Windows\Debug or C:\Winnt\Debug exeroute.exe, winlogon.exe, explorer.com, 1.com - C:\Windows or C:\Winnt finder.com - C:\Windows or C:\Winnt; C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32 dxdiag.com, msconfig.com, regedit.com, rundll32.com, command.pif - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32 Other programs to remove Wowcraft.d:• SUPERAntiSpyware - Review - Download• CounterSpy - Review - Download • Windows Defender - Review - Download Information added: 20/06/06 Information updated: 20/06/06 Additional resources related to Wowcraft.d:Attention: If you know or you have a website or page about Wowcraft.d removal, feel free to add a link to this list: add url
more resources Post Comment:Attention: Use this form only if you have additional information about Wowcraft.d parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
|
Latest spyware news:
 Download free MP3 now and get free adware! Can malware tactics be used for good effects? New tool to fight zombie networks came from Microsoft Spam keeps up with recent events US take botnets seriously Is anti-virus really helpful? Not a surprise attack: patched MS Windows are still vulnerable Pre-infected hardware – is there any way to fight it? Coming next: crimeware-as-a-service Scareware – malware for MacsSubscribe to news 
Similar parasites:
|
FORUM:
HELP:
