Spyware Name: Begin2Search |
Removal this Spyware by Spyware Vaccine |
Removal instructions |
Kill the following processes
emqvdm.exe
host.exe
Unregister the following DLLs and reboot Windows\system32\winb2s32.dll
|
Delete these registry entries HKEY_CLASSES_ROOT\clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}
HKEY_CLASSES_ROOT\clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}
HKEY_CLASSES_ROOT\clsid\{4d568f0f-8ac9-40ab-88b7-415134c78777}
HKEY_CLASSES_ROOT\clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
HKEY_CLASSES_ROOT\clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}
HKEY_CLASSES_ROOT\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}
HKEY_CLASSES_ROOT\interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}
HKEY_CLASSES_ROOT\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}
HKEY_CLASSES_ROOT\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}
HKEY_CLASSES_ROOT\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}
HKEY_CLASSES_ROOT\interface\{f912c325-5b26-4ad6-bf39-84370833e972}
HKEY_CLASSES_ROOT\typelib\{081de2f6-927b-4aa9-88c1-f531c9387383}
HKEY_CLASSES_ROOT\winb2s.amo \winb2s.dbi.1
HKEY_CLASSES_ROOT\winb2s.amo.1
HKEY_CLASSES_ROOT\winb2s.dbi
HKEY_CLASSES_ROOT\winb2s.dbi.1 \winb2s.dbi.1
HKEY_CLASSES_ROOT\winb2s.iiittt.1
HKEY_CLASSES_ROOT\winb2s.iiittt\winb2s.dbi.1
HKEY_CLASSES_ROOT\winb2s.momo.1
HKEY_CLASSES_ROOT\winb2s.momo\winb2s.dbi.1
HKEY_CLASSES_ROOT\winb2s.ohb.1
HKEY_CLASSES_ROOT\winb2s.ohb\winb2s.dbi.1
HKEY_CURRENT_USER\software\aaa_soft
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{07e9cdf4-20d2-46b1-b681-663968f527ce}\winb2s.dbi.1
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{52fe5233-367c-4efb-bdd7-0be4d212c107}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4d568f0f-8ac9-40ab-88b7-415134c78777}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winb2s32.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\emqvdm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\system32\winb2s32.dll
|
Remove the following files Desktop\download movies.url
Desktop\gambling board.url
Desktop\hot sexy mamma.url
Desktop\kill spyware.url
Desktop\kill viruses.url
Desktop\rate me.url
emqvdm.exe
host.exe
Windows\downloaded program files\winb2s32.inf
Windows\system32\b2s_cache\100.bin
Windows\system32\b2s_cache\but.bin
Windows\system32\b2s_cache\msg.bin
Windows\system32\winb2s32.dll
|
Remove the following directories Windows\system32\b2s_cache
|
