[Advertising.com]
Threat=“Tracking cookie or cookie of tracking site”
Description=“I won’t call a saved IP in combination with a log of visited web pages anonymous!”
[Avenue A, Inc.]
Threat=“Tracking cookie or cookie of tracking site”
Description=“They say they no longer do tracking.”
[ClickFinders]
Threat=Tracking cookie or cookie of tracking site
Description=Their cookie itself is a tracking cookie.
[CoreMetrics]
[Enliven]
Threat=Tracking cookie or cookie of tracking site
Description=A unique number and the IP would be enough for me to call it tracking; but to also save search terms is even worse.
[HitBox]
[Bluemountain]
Threat=Tracking cookie or cookie of tracking site
Description=
[Adbureau]
Threat=Tracking cookie or cookie of tracking site
[AllInOneTelcom.HotA]
Threat=Dialer
Description=Above URLs are an example for a company that is using that dialer.
[VLoading]
Threat=Security threat
[InterFun]
Threat=Dialer
Description=Upon clicking ‘enter’, a window is opened saying ‘opening website’, while in the background the connection is made.
[TTW]
Threat=Dialer
Description=To activate by phone 25 € per call and 2,50 € per minute. ActiveX install.
[RatedXXX]
Threat=Dialer
Description=Dialer for New Zealand (also international calls to NZ), also hijacker of IE start page.
[Huysuzseks]
Threat=Dialer
Description=Dialer for Australia, Austria, Belgium, Germany, Greece, Italy, Netherlands, Spain, Switzerland, Turkey, UK, US
[MoneyTree]
Description=Page installs multiple dialers. Adds itself to the list of trusted publishers. Could be a Central24 dialer because its certificate contains reference to Central24.
Threat=Dialer
[IBS]
Threat=Dialer
Description=The targeted dialer product is advertised in spam mail. Mail tells reader that ‘Claudia’ would commit suicide if the user doesn’t dial in.
[UnderageHost]
Threat=Browser hijacker
Description=Silently sets itself as IE start- and search pages (furthermore done by a file on every system start), and adds some favourites. Anyone visiting the site that installs it is sick!
[SuperSexPass]
Threat=(Unverified) Browser hijacker
Description=Redirects MSN search for URLs that could not be resolved.
[Amircivil]
Threat=Malware
Description=
[DeskMate.Tahni]
Threat=Trojan
Description=This trojan horse adds itself to systemstart and connects without user consent to the internet.It also downloads other trojan horses and malware like Zlob , SurfSideKick, Smitfraud-C.
[CastGen]
Threat=Trojan
Description=This trojan horse downloads other malware and trojans like ClimaxBucks.InternetOptimizer, Avenue Media and Media-Motor without user consent.
[Win32.Downloader.Wzip32]
Threat=Trojan
Description=This trojan horse poses as Winzip and adds itself as such in the systemstart. It also downloads other malware like ClientMn and Win32.Downloader
[Autodialer]
Threat=Dialer
Description=The dialer builds up an expensive connection to a german provider without informing the user about the fees.
[Axis]
Threat=Dialer
Description=The dialer builds up an expensive connection to a german provider without informing the user about the fees.
[BD Internet Billing]
Threat=Dialer
Description=This dialer tries to establish a connection (foreign call) to a server in australia. The connection gets started in a hidden mode in the background of the system without user permission.
[BTV Industries]
Threat=Dialer
Description=BTV Industries is a company which developes dialer that try to build up an expensive dial up connection without informing the user about possibe fees.
[Cbit-Solutions]
Threat=Dialer
Description=Cbit-solutions is an illegal dialer that tries to establish expensive connections. The user cannot see how expansive these dial-up connection is and so he will not recognize in what danger he could be.
[ConnectMePlus]
Threat=Dialer
Description=This Italian dialer tries to establish an expansive connection without informing the user about the special fees. So the user cannot see how expansive a connection is.
[Consul-Info B.V]
Threat=Dialer
Description=The Consul-Info B.V dialer connects to expensive toll numbers without user awareness.
[Dataline]
Threat=Dialer
Description=Dataline dialer establishes an expensive connection to the USA without informing the user about the special fees.
[DerBiz]
Threat=Dialer
Description=This program installs a data communication connection with which the user connects to its own provider. This causes high tolls. At the same time the program redirects IE to the provider’s web site and the user is unable to change the homepage
[Netvision]
Threat=Dialer
Description=The dialer connects to expensive toll numbers without user awareness.
[New Media]
Threat=Dialer
Description=New Media establishes an expensive connection to a 0190 number (EUR 1,98/min) without clearly informing the user.
[One2Bill]
Threat=Dialer
Description=One2Bill establishes an expensive connection to a 0900 number (0900/90001530) without informing the user about the special fees.
[Phonerdial]
Threat=Dialer
Description=The dialer connects to expensive toll numbers without users awareness.
[RST Datentechnik GmbH]
Threat=Dialer
Description=Establishes an expensive connection to 0190 numer (EUR 1,86/min) without users awareness.
[TripleSexoes]
Threat=Dialer
Description=The connects to expensive toll numbers without users awareness.
[VacPro]
Threat=Trojan
Description=This program is a trojan that tracks the user’s surfing habits. There are several variants that create a registry entry under the specific name and copy files to the System32 folder.
[WWPack32Dialer]
Threat=Dialer
Description=The dialer connects to expensive toll numbers without users awareness.
[Xgenius]
Threat=Dialer
Description=The Xgenius dialer connects to expensive toll numbers without users awareness.
[Allwebsearcher]
Threat=Hijacker
Description=AllWebSearcher redirects the IE start page to a dangerous website and always reconnects to this particular site.
[Copiloto]
Threat=Hijacker
Description=The Toolbar installs without user consent into the Internet Explorer and there is no way to uninstall it.
[IwantSearch]
Threat=Hijacker
Description=Iwantsearch changes the IE start page to a dangerous website and redirects the user this site all the time.
[Media Access]
Threat=Hijacker
Description=This hijacker installs a toolbar in IE, creates popups with dubious contents and redirects the start page to a dubious search enginge.
[Process Guard Killer 2]
Threat=Hijacker
Description=This program disables known security tools (e.g. ZoneAlarm) thus making the computer more vulnerable and enabling an attack. It can also be used to start and terminate services and to directly access the TaskManager.
[SmileyWorld]
Threat=Hijacker
Description=This hijacker installs an IE toolbar and redirects everything to a very dangerous website
[TargetSearch]
Threat=Hijacker
Description=Targetsearch sets the start page to a dangerous website and and redirects several popular sites to this page (e.g. —removed by narg—)
[TNS-Search]
Threat=Hijacker
Description=This hijacker creates a false security warning when opening IE asking the user to download the latest virus definitions. In consequence, it will install an IE toolbar, redirect the IE start page and creates a lot of icons on the desktop.
[Windowssearch]
Threat=Hijacker
Description=Hijacks the startpage of the Internet Explorer
[Wow Access]
Threat=Hijacker
Description=Wow Access changes the IE start page a dangerous website which cannot be undone.
[Macrosoft]
Threat=Malware
Description=Macrosoft installs itself into the window directory and runs on each system startup using a lot of resources without user consent and without any usefull effect.
[Phynix]
Threat=Malware
Description=Phynix installes itself on the computer and is running in the background using a lot of resources without user consent.
[QDown]
Threat=Malware
Description=Installs itself on the computer and tries to spy on the users surf behaviour. When the computer is connected to the internet the program waits for new orders to harm the computer
[R-Bot]
Threat=Trojan
Description=This trojan copies itself to the System32 folder and removes its download file. Then it tries to connect to the internet and waits for new orders to harm the computer
[NetzAny]
Threat=Browser Hijacker
Description=
[System1060]
Threat=Browser hijacker
Description=Set of files that do everything to appear as system files. Named taskmgr.exe and twunk_64.exe, both even have the original Microsoft description in their properties, but they don’t have the original functionality. Instead, they begin phoning home on system start.
[Xupiter]
Threat=Browser hijacker/BHO
Description=A hijacker that comes with it’s own IE toolbar.
[RapidBlaster]
Threat=BHO
Description=Runs in background and connects in short intervals to the internet.
[SearchAndBrowse]
Threat=BHO/Hijacker
Description=Installs a new toolbar upon leaving page. %0D%0ASee more information here: —removed by narg—
[WebEntrance]
Threat=Hijacker
[FakeWGA]
Threat=Trojan
Description=Disables the Windows firewall, adds itself and a services.exe in Windows\etc\ as services. Both run in background and are registered as autostarting services. They connect to various IPs and wait for incoming TCP and UDP connections.
[Zlob.DVBX11_Bat]
Threat=Trojan
Description=Disguises as the Bat! email client and DVB services.%0D%0ADisables the Windowssecuritycenter and enables the Windows Explorer to pass the Windows Firewall.%0D%0ARuns in backbground and hooks up to winlogon to get started at any Windows boot. As long the file bmtdhh.dll in system32 directory is active, the other files of this trojan are hidden from the WindowAPI (i.e. invisible for most applications including Explorer).%0D%0A%0D%0AIf the file bmtdhh.dll remains active in winlogon, it can recreate some of the other files and settings, to disable the file it is required to reboot windows in minimal alternate shell and rename the file manually.%0D%0AThe filename is static and it is located in the system32 directory.%0D%0A%0D%0AThe Windowssecuritycenter may need to be reinstalled to function properly.
[eUniverse.PowerSearch]
Threat=Trojan
Description=This trojan horse installs in background, connects to the internet in background, does not show up any useful function to the user and downloads other software without user consent.
[CoolWWWSearch.WinRes]
Threat=Hijacker
Description=Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects its searches and/or homepage to CoolWWWSearch websites, which habor other malware or fraudware.
[CoolWWWSearch.IE-Extension]
Threat=Trojan
Description=An Internet Explorer Browser Helper Object. Changes Zonemaps. The IE-Extension connects to certain Web sites and tries to download malware, every time Internet Explorer is started. Code contains traces of the spyware Vipsearcher, related to the multitudinous and reproductive CWS clan.
[Sallity.Badcro]
Threat=Malware
Description=Sallity.Badcro is a bad MS-Word macro. It copies DLLs to the Windows system folder, and creates an .exe file in the root folder.
[Win32.Small.v]
Threat=Trojan
Description=It creates an Autorun entry (“msbb”) in the registry in order to be launched on each Windows startup. It also downloads other objects without giving the user a possibility to stop this process.
[NCast]
Threat=Adware
Description=It installs an Browser Helper Object which is executed every time you run the Internet Explorer. Then it connects to —removed by narg— and displays ads in the Internet Explorer. All that happens without user consent.%0D%0A
[Fake.xpRecovery]
Threat=Malware
Description=It deletes the complete content of the hostfile. Additionally it installs a BHO which is loaded on every Internet Explorer start. Then it connects to many bad pages in the internet and tries to download files
[AdMoke]
Threat=Adware
Description=It installs an BHO wich is executed every time you start the Internet Explorer. It connects to many webpages and tries to download files. It also tries to install a chinese language package. A service is installed to be loaded on every windows startup. All that happens without user consent.
[Ad-Protect]
Threat=Malware
Description=Ad-Protect pretends to be an antispyware solution but actually does not detect any kind of malware. The program’s website contains horrifying stories about computers, espionnage etc. urging the user to install Ad-Protect.
[AdSponsor]
Threat=Adware
Description=AdSponsor gets installed on the computer without user consent and advertising popups come up when certain key words are typed.
[HappyToFind.Toolbar]
Threat=Hijacker
Description=This hijacker makes use of security holes and trojans to get installed. When it is installed it displays a toolbar that redirects to malicious websites.
[Kolweb.B]
Threat=Trojan
Description=Kolweb.B copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[SearchBy]
Threat=Hijacker
Description=The browser start page gets reset to this page if you install Ultimate Popup Killer from their homepage for free. To get rid of it, you have to uninstall Ultimate Popup Killer.
[FreeHQMovies]
Description=Pages installs dialer and hijacks IE to itself.
[Jethomepage]
Threat=Hijacker
[Desktop Detective 2000]
Threat=Keylogger
Description=Stealth, encrypted log file, remote capability.
[Desktop Spy]
Threat=Keylogger
Description=Password protected, stealth mode.
[MDSA Sentinel]
Threat=Keylogger
Description=Stealth, password protected.
[Probot]
Threat=Keylogger
Description=Stealth, password protected, remote functionality, sends log by email…
[SpyCapture]
Threat=Keylogger
Description=Can’t be found on website any more.
[SpyPC]
Threat=Keylogger
Description=Warning! Website links to other site.
[WinRecon]
Threat=Keylogger
Description=Stealth, password protected, encrypted logs, sends log as email, network capability.
[Informer]
Threat=Keylogger
Description=Stealth, sends log as mail. Uses the AFP File Monitor & Protector to protect itself against removal. Please boot into safe mode before removing.
[DSO Exploit]
Threat=Security hole
Description=There’s a security hole in IE allowing websites to execute code without asking you first. You can find more information at —removed by narg—
[BDE Projector]
Threat=Stealth network
Description=According to News.com (—removed by narg—), the BDE Software contains technologie that would allow Brilliant Digital to turn every computer with BDE installed into a node of a Brilliant controlled network. Thus Brilliant could use your computer for distributed computing without your knowledge.
[ClickTheButton]
Threat=Spyware
Description=ClickTheButton monitors your visits to shopping sites.
[ClickTillUWin]
Threat=Adware/Spyware/Trojan
Description=Hides itself using the name Explorer.exe. F-Secure lists it as a trojan (—removed by narg—).
[Cydoor]
Threat=Adware
Description=Cydoor has been using unique user IDs in the past, but is stating to do that no longer.%0D%0AFOR YOUR INFORMATION: It may be illegal and surely is illegitimate to use Cydoor-infected software after you have replaced Cydoor with the dummy. The dummy is only provided so that you may save all your data from the infected software after it has been cleaned; it is strongly suggested that you look for a spyware-free alternative.
[Expedioware]
Threat=Adware
Description=Only possible threat is the continued use of a personal ID (registration number).
[Flyswat]
Threat=Adware/Spyware
Description=Flyswat creates a User ID to every user.
[IE Plugin]
Threat=Spyware/BHO
Description=See Terms Of Use. IMI may change the software at any time and upload it to your computer without your knowledge. It also breaches your security by sending the whole URL to their server whenever it contains one of their keywords.
[Message Mates]
Threat=Adware/Possibly Spyware
Description=This product saves an identifier and keeps track of you like stated in the Privavy statement quoted above. A named feature on AdTools’ website is: ‘Comprehensive tracking’.
[WMF Exploit.NewYear2006]
Threat=Trojan
Description=connects to the internet and tries to download luckly.exe%0D%0Aalso opens the IE in background and connects it to the internet.%0D%0Aalso installs Fake.Wget Trojan%0D%0Acopies nerodll.exe into systemdirectory and enters the system through exploits like WMF
[Win32.Small.Act]
Threat=Trojan
Description=This trojan copies its dll files to the system folder and runs without user consent
[Yazzle]
Threat=PUPS
Description=This package is frequently installed in background by trojan horses. In most cases it does not run automatically and just lies dormant on the computer.
[Win32.Autoit.E]
Threat=Trojan
Description=Win32.Autoit.E copies a malicious executable file into the system directory, starts itself in autorun as “Task Manager” and “SVCHOST” without giving the user a possibility to cancel that process.
[Pigeon]
Threat=Trojan
Description=Pigeon copies a malicious library file into the system directory without giving the user a possibility to cancel that process.
[AntiLamerBackDoor]
Threat=Trojan
Description=AntiLamerBackDoor enables remote access to the infected computer. It can be remotely controlled to delete data, steal data, send emails and messages, edit the registry, show PC and ICQ passwords and change other OS settings.
[SearchPixieBar]
Threat=Hijacker
Description=SearchPixieBar installs a toolbar into the Internet Explorer without user consent. The SearchPixieBar seems to provide the possibillity to search the web like the Google Toolbar does. But in reality the search option does not work and only advertisement will be displayed.
[FM.Toolbar]
Threat=Hijacker
Description=FM.Toolbar installs a toolbar into the Internet Explorer without user consent. The FM.Toolbar seems to provide the possibillity to search the web like the Google Toolbar does. But in reality the search option does not work and only advertisement will be displayed.
[Fraud.PCHealth]
Threat=Malware
Description=Fraud.PCHealth claims to be an antispyware solution. When it is installed on the computer it shows a lot of harmless cookies, browser helper objects and autorun entries as high risk spyware problems installed by itself. When the user wants to fix these false positives he has to purchase a license.
[Win32.BHO.kv]
Threat=Trojan
Description=Win32.BHO.kv runs in background, installs itself as a browser helper object (BHO) to get started with the Internet Explorer. It also installs a service which starts this trojan horse at system start. It runs in background and connects to its malicious websites.
[AdwarePro]
Threat=Malware
Description=When it is installed AdwarePro detects a lot of entries which are false positives. When the user wants to fix these problems he has to buy a license.
[VisualBreeze]
Threat=Trojan
Description=The trojan downloads several files and installs them into the system directory. It runs in background and tries to get the user’s passwords. It also disables the Windows Secuity Center.
[RightMedia]
Threat=Trojan
Description=The web site contains adult content images, movies and messages. Automatically connects to a webserver hosting pornographical content.
[Redtube]
Threat=Malware
Description=The web site contains pornographical images, movies and live cams.
[Win32.Delf.rtk]
Threat=Trojan
Description=This trojan horse installs itself in background. It uses rootkit functions and multiple services to start itself and stay persistent on the users computer.
[IRCBot.svchost]
Threat=Trojan
Description=This trojan horse installs itself in background and pretends to be a system file. It runs in background and connects to malicious IRC channels to receive commands to harm the users computer or use the users computer for a botnet.
[Agent.Clicker]
Threat=Trojan
Description=This trojan horse installs itself in background, it also registers itself to the system start. It runs in background without user notice and connects to its malicious websites.
[Win32.Joleee.K]
Threat=Trojan
Description=Win32.Joleee.K copies a malicious executable file (“services.exe”) into the system directory, starts itself in autorun as “services” without giving the user a possibility to cancel that process. Also disables Windows firewall
[Win32.Delf.jl]
Threat=Trojan
Description=Win32.Delf.jl substitutes an original file (c:\Program Files\Internet Explorer\msvcrt.dll) to a malicious faked one. Also copies a malicious relive.dll into the CommonProgrammfiles directory without giving the user a possibility to cancel that process.
[Win32.Delf.gkw]
Threat=Trojan
Description=Win32.Delf.gkw copies an executable file into the system and Windows directories, starts itself in autorun as “Printer”, “DriveSystem” and “Spoolsrv” without giving the user a possibility to cancel that process. Also loads and installs BraveSentry, Win32.Agent.gvu, Win32.Qhost.abh, Smitfraud-C., CoolWWWSearch, Virtumonde, Win32.Agent.bfj, Win32.Agent.gvu, Win32.Agent.pz.
[PCCleaner]
Threat=Malware
Description=PCCleaner claims to be an antispyware solution and if it is installed on the computer it flags some entries as malware, which are totally harmless. When the user tries to fix these problems he has to buy a license and so the program tries to frighten users by showing false positives.
[Vegas.Red.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[USA.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Swiss.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Slots.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Sky.Kings.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Sierra.Star.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[SIA.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Royal.Dice.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Prestige.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Playgate.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[New.York.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Mega.Sport.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Mansion.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Magic.Box.Casino.PT]
Threat=PUPS
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with “installation finished” , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
