Wednesday, November 12, 2008

SillyDl Trojan

SillyDl description:
SillyDl Category: Trojan, Adware, Toolbar, Downloader

This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware programs facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

SillyDl Detection:

SillyDl Files:

SillyDl Folders:
[%WINDOWS%]\elitetoolbar
[%WINDOWS%]\etb

SillyDl Registry Keys:

SillyDl Registry Values:

Removing SillyDl:

You can run the trial version of ExterminateIt, or remove SillyDl manually.

To remove SillyDl from your computer completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with SillyDl.

