Spyware.Borzoi removal process

Author: admin CopyFrom: web Hits: UpdateTime: 2008-5-29 11:03:02
1. Download the safer web browser recommended by Google to stay secure on the web and away from viruses. Download URL: http://www.oral8.net/firefox/firefox.htm
2. Temporarily Disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all Spyware.Borzoi infected files, and delete/modify any values added to the registry.
Navigate to the subkey and delete the values as follows:
When the program executes, it creates the following files:
- %UserProfile%\Application Data\Seegh\Borzoi\config.xml
- %UserProfile%\Application Data\Seegh\Borzoi\Session [DATE] at [TIME]\report.xml
- %UserProfile%\Application Data\Seegh\Borzoi\Session [DATE] at [TIME]\screenshots\[DATE] at [TIME].png
- %UserProfile%\Desktop\Borzoi Control Center.lnk
- %ProgramFiles%\Borzoi\adbho.dll
- %ProgramFiles%\Borzoi\adhk.dll
- %ProgramFiles%\Borzoi\adzip.dll
- %ProgramFiles%\Borzoi\bcc.exe
- %ProgramFiles%\Borzoi\blg.exe
- %ProgramFiles%\Borzoi\Borzoi Help.chm
- %ProgramFiles%\Borzoi\buns.exe
- %ProgramFiles%\Borzoi\gdiplus.dll
- %ProgramFiles%\Borzoi\report.xsl
- %Windir%\eSellerateControl365.dll
- %Windir%\eSellerateEngine.dll
Next, it creates the following registry entry so that it executes whenever Windows starts: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"borzoi" = "C:\Program Files\Borzoi\blg.exe"
It also creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\Seegh
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55411323-30E3-4FF7-82E5-E94545B69BAB}
- HKEY_CLASSES_ROOT\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}
- HKEY_CLASSES_ROOT\Interface\{40A9417F-F41E-40A2-BAA5-FE0ACB1CF8F8}
- HKEY_CLASSES_ROOT\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}
- HKEY_CLASSES_ROOT\eSellerateControl.365.1
- HKEY_CLASSES_ROOT\eSellerateControl.365
The program may then perform the following activities on the computer:
- Record all keystrokes
- Monitor applications that are launched as well as all clipboard activities
- Take screen shots at regular intervals
- Send all of the saved logs to a predefined email address
- May schedule to run on a particular date or on a regular basis according to a Scheduler table or on Windows bootup
- Perform all of the above activities in stealth mode
5. Exit the registry editor.
6. Delete the IE temp files, or download ATF temp files cleaner to run a full cleaning, and restart the computer.
8. Now you may remove Spyware.Borzoi successfully.
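A read-only check for the files and registry entries listed in step 4, which can be run before cleanup and again afterwards to confirm nothing remains. This PowerShell script is an added example, not part of the original article; it only reports and deletes nothing, and its variable names are illustrative.

```powershell
# Read-only audit for the Spyware.Borzoi artifacts listed in this article.
# Reports what exists; deletes nothing.
$appData = "$env:USERPROFILE\Application Data\Seegh\Borzoi"
$install = "$env:ProgramFiles\Borzoi"

# Files the article says the program creates
$paths = @(
    "$appData\config.xml"
    "$env:USERPROFILE\Desktop\Borzoi Control Center.lnk"
    "$env:windir\eSellerateControl365.dll"
    "$env:windir\eSellerateEngine.dll"
)
$paths += 'adbho.dll','adhk.dll','adzip.dll','bcc.exe','blg.exe','Borzoi Help.chm',
          'buns.exe','gdiplus.dll','report.xsl' | ForEach-Object { "$install\$_" }

# Registry subkeys the article says the program creates
$paths += @(
    'Registry::HKEY_CURRENT_USER\Software\Seegh'
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55411323-30E3-4FF7-82E5-E94545B69BAB}'
    'Registry::HKEY_CLASSES_ROOT\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}'
    'Registry::HKEY_CLASSES_ROOT\Interface\{40A9417F-F41E-40A2-BAA5-FE0ACB1CF8F8}'
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}'
    'Registry::HKEY_CLASSES_ROOT\eSellerateControl.365.1'
    'Registry::HKEY_CLASSES_ROOT\eSellerateControl.365'
)

# -LiteralPath keeps the braces and spaces in these names from being interpreted
$found = @($paths | Where-Object { Test-Path -LiteralPath $_ })

# Autostart value "borzoi" under the Run key (a value, so Test-Path cannot see it)
$runKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'borzoi' -ErrorAction SilentlyContinue
if ($run) { $found += "$runKey\borzoi = $($run.borzoi)" }

# Per-session folders named "Session [DATE] at [TIME]" (report.xml and screenshots)
$sessions = @(Get-ChildItem -LiteralPath $appData -Filter 'Session *' -ErrorAction SilentlyContinue)

if ($found.Count -eq 0 -and $sessions.Count -eq 0) {
    'No Spyware.Borzoi artifacts from the article were found.'
} else {
    'Artifacts present:'
    $found | ForEach-Object { "  $_" }
    "Session folders (report.xml and screenshots): $($sessions.Count)"
    $sessions | ForEach-Object { "  $($_.FullName)" }
}
```

The HKEY_CURRENT_USER and %UserProfile% checks apply only to the account running the script, so repeat it for each user profile on the machine.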