RazeSpyware Trojan

RazeSpyware virus description
Technical details:
Categories: Trojan, Adware, Downloader, Ransomware

RazeSpyware Folders:
[%PROGRAM_FILES%]\RazeSpyware
[%PROGRAM_FILES%]\xsremover.com
[%PROGRAMS%]\razespyware
[%PROGRAM_FILES%]\razespyware

RazeSpyware Files:
[%SYSTEM%]\mswinb32.dll
[%SYSTEM%]\mswinb32.exe
[%SYSTEM%]\mswinup32.dll
[%SYSTEM%]\mswinxml.dll
[%SYSTEM%]\shell386.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winlfl32.dll
[%SYSTEM%]\{052D02B8-3386-4C0A-ACEA-59902248CC52}.exe
[%COMMON_APPDATA%]\Microsoft\Internet Explorer\Quick Launch\cmd.exe
[%DESKTOP%]\m00.exe
[%DESKTOP%]\razespyware.lnk
[%DESKTOP%]\razespywareinstaller.exe
[%SYSTEM%]\intxt.exe
[%WINDOWS%]\adw.htm
[%WINDOWS%]\silent.exe

RazeSpyware Registry Keys:
HKEY_CLASSES_ROOT\winapi32.mybho
HKEY_CURRENT_USER\Software\XXI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securedisk
HKEY_CLASSES_ROOT\clsid\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_CLASSES_ROOT\clsid\{a94fd42a-e405-4cd9-9486-3a341310ee2f}
HKEY_CLASSES_ROOT\clsid\{ff71228a-0d58-4e50-b592-36551f1acc01}
HKEY_CLASSES_ROOT\interface\{018080b0-d90d-46f8-86d1-4cf8ce6e8686}
HKEY_CLASSES_ROOT\interface\{9bd2b2bc-d289-4fce-b734-e4d6acbbab7d}
HKEY_CLASSES_ROOT\interface\{ade60563-5ad0-4832-a1e7-0e3a428c43c4}
HKEY_CLASSES_ROOT\typelib\{b7dfabbf-f985-4a67-8d72-ea0d9fc7c429}
HKEY_CLASSES_ROOT\winapi32.intelinks
HKEY_CLASSES_ROOT\winapi32.mybaner
HKEY_CURRENT_USER\software\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\updates
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\razespyware

RazeSpyware Registry Values:
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_CURRENT_USER\software\xxi\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\scripts\variables


RazeSpyware indications of infection

The symptoms of RazeSpyware detection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download a free trial version of ExterminateIt! to check your computer right now.
