<body>
virus protection

Free spyware removal and spyware protection

Unfortunately, defeating spyware is harder than evading conventional viruses.
Spyware is any potentially unwanted program that makes undesirable changes to your computer and/or collects information about user activities, without consent, usually for financial gain. That definition may be fine in the abstract, but making concrete decisions about which programs are really spyware can be difficult.
Please visit the download section of this website and you will find a few simple and FREE applications written by different authors which I have found, throughout the years of facing spyware and viruses over 100 times, to be the most effective (and free, of course) way to keep your computer clean of worms, popups, spyware and other malicious computer bugs. (If your computer is already affected, these programs might not completely get rid of your problem, but they will prevent any more damage.) I myself have tested these simple and free applications many times, on hundreds of PCs, and I am happy to share my years of extensive research and trial and error to help you live a bug-free PC lifestyle.

GPCoder.h Trojan Win32 ransomware trojan

Wednesday, January 9, 2008

This is a detection for a ransomware trojan. It encrypts files on the hard drive, creates a text file indicating what has happened, and gives email addresses to send the ransom money to.
Aliases

* Backdoor:Win32/Kollah.D (Microsoft)

* TSPY_KOLLAH.F (TrendMicro)

* Virus.Win32.Gpcode.ai (Kaspersky)

Characteristics

-- Update July 17, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:

This trojan encrypts documents, depending on the file extension, and then attempts to extort money from the victim in order for them to obtain a decryptor tool to recover the documents.

When run, this trojan searches for files with the following extensions:

* .12m
* .3ds
* .3dx
* .4ge
* .4gl
* .7z
* .a
* .a86
* .abc
* .acd
* .ace
* .act
* .ada
* .adi
* .aex
* .af3
* .afd
* .ag4
* .ai
* .aif
* .aifc
* .aiff
* .ain
* .aio
* .ais
* .akf
* .alv
* .amp
* .ans
* .ap
* .apa
* .apo
* .app
* .arc
* .arh
* .arj
* .arx
* .asc
* .asm
* .ask
* .au
* .bak
* .bas
* .bb
* .bcb
* .bcp
* .bdb
* .bh
* .bib
* .bpr
* .bsa
* .btr
* .bup
* .bwb
* .bz
* .bz2
* .c
* .c86
* .cac
* .cbl
* .cc
* .cdb
* .cdr
* .cgi
* .cmd
* .cnt
* .cob
* .col
* .cpp
* .cpt
* .crp
* .cru
* .csc
* .css
* .csv
* .ctx
* .cvs
* .cwb
* .cwk
* .cxe
* .cxx
* .cyp
* .d
* .db
* .db0
* .db1
* .db2
* .db3
* .db4
* .dba
* .dbb
* .dbc
* .dbd
* .dbe
* .dbf
* .dbk
* .dbm
* .dbo
* .dbq
* .dbt
* .dbx
* .dfm
* .djvu
* .dic
* .dif
* .dm
* .dmd
* .doc
* .dok
* .dot
* .dox
* .dsc
* .dwg
* .dxf
* .dxr
* .eps
* .exp
* .f
* .fas
* .fax
* .fdb
* .fla
* .flb
* .frm
* .fm
* .fox
* .frm
* .frt
* .frx
* .fsl
* .gtd
* .gif
* .gz
* .gzip
* .h
* .ha
* .hh
* .hjt
* .hog
* .hpp
* .htm
* .html
* .htx
* .ice
* .icf
* .inc
* .ish
* .iso
* .jar
* .jad
* .java
* .jpg
* .jpeg
* .js
* .jsp
* .key
* .kwm
* .lst
* .lwp
* .lzh
* .lzs
* .lzw
* .ma
* .mak
* .man
* .maq
* .mar
* .mbx
* .mdb
* .mdf
* .mid
* .mo
* .myd
* .obj
* .old
* .p12
* .pak
* .pas
* .pdf
* .pem
* .pfx
* .php
* .php3
* .php4
* .pgp
* .pkr
* .pl
* .pm3
* .pm4
* .pm5
* .pm6
* .png
* .ppt
* .pps
* .prf
* .prx
* .ps
* .psd
* .pst
* .pw
* .pwa
* .pwl
* .pwm
* .pwp
* .pxl
* .py
* .rar
* .res
* .rle
* .rmr
* .rnd
* .rtf
* .safe
* .sar
* .skr
* .sln
* .swf
* .sql
* .tar
* .tbb
* .tex
* .tga
* .tgz
* .tif
* .tiff
* .txt
* .vb
* .vp
* .wps
* .xcr
* .xls
* .xml
* .zip

Found documents are encrypted, and a text file named read_me.txt is placed in the directory containing the following text:

Hello, your files are encrypted with RSA-4096 algorithm
(http://en.wikipedia.org/wiki/RSA).
You will need at least few years to decrypt these files without our
software. All your private information for last 3 months were
collected and sent to us.
To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at: %s and provide us
your personal code %d. After successful purchase we will send
your decrypting tool, and your private information will be deleted
from our system.
If you will not contact us until 07/15/2007 your private information
will be shared and you will lost all your data.
Glamorous team

The following registry value is modified so that the trojan is run at Windows login:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\userinit = "%SysDir%\userinit.exe, %SysDir%\ntos.exe,"

(Where SysDir is the Windows System directory, e.g. C:\Windows\System32)
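A quick way to check a machine for this kind of persistence is to read the Winlogon Userinit value and flag anything other than the stock userinit.exe. The script below is an added example written for this post, not part of the original detection write-up; it runs offline against a constructed copy of the value shown above, and the only assumptions are that a clean install lists just userinit.exe and that the winreg module (standard on Windows Python) is used for the live read.

```python
"""Flag unexpected entries in the Winlogon Userinit value (added example)."""
import re
from typing import List, Optional

# Assumption: a stock Windows install lists only userinit.exe here.
EXPECTED_USERINIT = {"userinit.exe"}


def parse_userinit(value: str) -> List[str]:
    """Split the comma-separated Userinit value into entries, dropping blanks."""
    return [item.strip().strip('"') for item in value.split(",") if item.strip()]


def basename(path: str) -> str:
    """File-name part of a Windows or %VAR%-style path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def unexpected_userinit_entries(value: str) -> List[str]:
    """Return every entry whose executable name is not in EXPECTED_USERINIT."""
    return [entry for entry in parse_userinit(value)
            if basename(entry) not in EXPECTED_USERINIT]


def read_userinit_live() -> Optional[str]:
    """Read HKLM\\...\\Winlogon\\Userinit on a Windows host; None elsewhere."""
    try:
        import winreg  # standard library, Windows only
    except ImportError:
        return None
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
        return value


# Constructed samples: a clean default and the value described in the post.
CLEAN_VALUE = r"C:\Windows\System32\userinit.exe,"
INFECTED_VALUE = r"%SysDir%\userinit.exe, %SysDir%\ntos.exe,"

if __name__ == "__main__":
    for label, value in (("clean", CLEAN_VALUE), ("infected", INFECTED_VALUE)):
        extra = unexpected_userinit_entries(value)
        print(f"{label}: {'OK' if not extra else 'UNEXPECTED: ' + ', '.join(extra)}")
    live = read_userinit_live()
    if live is not None:
        print("this host:", unexpected_userinit_entries(live) or "OK")
```

Run it as-is to see the two constructed values classified; on a Windows machine it also reads the real value. Any entry it flags is worth looking at, since legitimate software very rarely appends itself to Userinit.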



Symptoms

* File types mentioned previously, overwritten with "garbage" (encrypted data).
* Presence of aforementioned read_me.txt files.
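Both symptoms can be checked mechanically: files with one of the listed extensions whose contents look like random bytes, sitting next to a read_me.txt. The following is an added example written for this post, not the original author's code. It works on in-memory samples so it runs offline, uses only a subset of the post's extension list (extend TARGET_EXTENSIONS as needed), and the 7.9 bits-per-byte entropy threshold is an assumption: plain documents score far lower, encrypted data scores close to 8.0, but already-compressed formats such as .zip or .jpg also score high, which is why the ransom note is required as a second signal before a directory is reported.

```python
"""Entropy + ransom-note triage for the symptoms above (added example)."""
import math
import os
import random
from pathlib import Path
from typing import Dict, List, Tuple

# Subset of the extensions from the post; constructed for this example.
TARGET_EXTENSIONS = {".doc", ".xls", ".pdf", ".jpg", ".txt", ".zip",
                     ".rar", ".pst", ".mdb", ".c", ".cpp"}
RANSOM_NOTE_NAME = "read_me.txt"
ENTROPY_THRESHOLD = 7.9  # assumption, see the lead-in


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    """True when the byte distribution is near-uniform, as ciphertext is."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def triage_files(files: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """files maps names in ONE directory to contents.
    Returns (ransom note present, target-extension files that look encrypted)."""
    note = any(name.lower() == RANSOM_NOTE_NAME for name in files)
    suspicious = sorted(name for name, data in files.items()
                        if Path(name).suffix.lower() in TARGET_EXTENSIONS
                        and looks_encrypted(data))
    return note, suspicious


def scan_directory(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and report directories showing both symptoms."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        files = {}
        for name in filenames:
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    files[name] = fh.read(65536)  # first 64 KiB is enough
            except OSError:
                continue
        note, suspicious = triage_files(files)
        if note and suspicious:
            hits.append((dirpath, suspicious))
    return hits


# Constructed samples: ordinary text, and seeded pseudo-random bytes standing
# in for ciphertext (deterministic so the example is reproducible).
PLAIN_DOC = b"Quarterly report: revenue grew 4% on the back of " * 50
_rng = random.Random(1234)
GARBAGE_DOC = bytes(_rng.getrandbits(8) for _ in range(65536))
SAMPLE_DIR = {
    "report.doc": GARBAGE_DOC,
    "notes.txt": PLAIN_DOC,
    "read_me.txt": b"Hello, your files are encrypted ...",
}

if __name__ == "__main__":
    note, suspicious = triage_files(SAMPLE_DIR)
    print("ransom note present:", note)
    print("garbage-looking documents:", suspicious)
    for dirpath, names in scan_directory("."):
        print("HIT", dirpath, names)
```

Point scan_directory() at a user's profile folder to get a list of directories worth inspecting. The encrypted report.doc is flagged, the readable notes.txt is not, and because the .txt note is low-entropy it is never mistaken for a damaged document.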

Method of Infection


This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
posted by Mandy, 3:06 AM
