Trojan Adclicker ? Help! I have vista!
After my PC tools:internet security scanned my computer today I found the Trojan.
I believe this trojan is also referred to as virtualmundo or it has some tie to this. From what the virus scan says it is Trojan.Adclicker..
While searching the web I found this trojan is for the XP. But I have windows vista.
The following are the registry keys as well as a screen shot of my PC tools as well as a typed out registry key values that PC tools has recognized as belonging to the Trojan. I tried to fix it with PC tools and I cannot find the registry values any longer except for the one that says it is to be repaired. I do not know if i have fixed the problem are not. Registry values the scan found are below..Please help!:
Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9},Compatiblity Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9},Pst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{54485651-524A-4245-5846-2D514F312230},Compatiblity Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{54485651-524A-4245-5846-2D514F312230},Pst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2},Compatiblity Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2},Pst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{D7BF4552-94F1-42BD-F434-3604812C856D},Compatiblity Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{D7BF4552-94F1-42BD-F434-3604812C856D},Pst
Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{54485651-524A-4245-5846-2D514F312230}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{5CC2F638-99FF-45D2-97C7-E30E83CF04D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet Explorer\ActiveX compatiblility\{D7BF4552-94F1-42BD-F434-3604812C856D}
Registry Value to be repaired:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bits\Parameters,ServiceDll
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$6 Answers
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$
1. Copies itself to your computer, often to the Windows or System folder.
2. Sends HTTP requests to various Web sites. The request typically takes the form of an HTTP GET request, with the Referer field set to a Web site, which the Trojan's author controls.
3. Depending on the variant, the Trojan may also do the following:
* Add a value:
""=""
to one of the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$
http://www.malwarebytes.org/
http://www.superantispyware.com/
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$Trojan Adclicker can also be removed without the aid of an anti-malware program. To remove Trojan Adclicker manually, open the Registry Editor and delete the following registry entries:
Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Then, open the Command Prompt and use it to delete the following dynamic link libraries and files:
%System%\kbd101b.dll
%System%\kbd101c.dll
%System%\kbd103.dll
%Windir%\Temp\OLD12.tmp
%System%\kbd101b.dll
%Windir%\Temp\OLD16.tmp
%System%\kbd101c.dll
%Windir%\Temp\OLD1A.tmp
%System%\kbd103.dll
Removing Trojan Adclicker manually is a technical process that, if done incorrectly, can cause significant problems that may require you to re-install the Windows operating system. Therefore, inexperienced users should avoid removing Trojan Adclicker manually.
Read more: http://www.registryfast.com/error-exe/Trojan-Remover-.exe.html
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$
Disable the System Restore feature on your computer. If this is still turned on, the system will restore any deleted files, including those infected by the Trojan horse. This can be done by going into the My Computer file and looking for the Performance option. Then select File System, Troubleshooting and Disable System Restore.
Turn on the computer and run it in safe mode. Restart the computer and when the words begin appearing on the screen, press the F8 key. This takes you to a new screen, where you'll select the safe mode option. Let the computer start as it regularly would before you continue.
Go into the Control Panel by clicking on the "Start" button at the bottom left-hand side of the screen and looking for the Control Panel. Select the Add or Remove Programs icon. The computer should then show a list of all programs existing on your system.
Look for programs that include Spyware or adware on your computer and select the Remove program option. Many users have found it helpful to look for programs that they didn't install and those that were installed when they downloaded a game or other program onto their computer.
Open the Windows System folder and delete all files that include the Trojan virus extension. Go through the list twice to make sure you removed all virus files. Then restart the computer in normal mode and check the folder again. If all the files are gone, you'll be ready to move on. If there are any remaining, remove them and restart the computer
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$If the above Prevx program doesnt get rid of it
Click Start, and then click Run.
Type regedit
Then click OK.
Navigate to each of the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the any value that refers to the file detected
http://www.dllcure.com/
You can leave an optional "tip" with Mahalo's virtual currency, Mahalo Dollars. If you are asking a difficult question that might require some research, or if you'd like a wide variety of feedback, a higher tip often leads to more answers to your question.
M$
