Exterminate It! Antimalware

malpedia

Known threats:700,086 Last Update:March 16, 12:51

Testimonials

After scanning my computer many times using big name anti-virus and malware programs I still had several problems. Finally Exterminate It found multiple infections from NetSky. I sent Exterminate It a sample and the next day I received an e-mail instructing me to update and rescan. After following the instructions ZAP the worm/trojan was gone. My computer seems to be completly back to normal now. Good Job Exterminate It!

Melvin

PennyBee- Registry Keys List

This is a complete list of PennyBee registry keys collected by Exterminate It!. If you find any of these registry keys on your PC, your computer is very likely to be infected with the PennyBee - pua.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • HKEY_LOCAL_MACHINE\SOFTWARE\QuickSearch
  • HKEY_CLASSES_ROOT\AppID\zdengine.EXE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PennyBeeW_RASMANCS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PennyBeeW_RASAPI32
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zdwfp
  • HKEY_CLASSES_ROOT\zdengineLib.WFPController.1
  • HKEY_CLASSES_ROOT\zdengineLib.WFPController
  • HKEY_CLASSES_ROOT\zdengineLib.ReadOnlyManager.1
  • HKEY_CLASSES_ROOT\zdengineLib.ReadOnlyManager
  • HKEY_CLASSES_ROOT\zdengineLib.LSPLogic.1
  • HKEY_CLASSES_ROOT\zdengineLib.LSPLogic
  • HKEY_CLASSES_ROOT\zdengineLib.DataTableHolder.1
  • HKEY_CLASSES_ROOT\zdengineLib.DataTableHolder
  • HKEY_CLASSES_ROOT\zdengineLib.DataTableFields.1
  • HKEY_CLASSES_ROOT\zdengineLib.DataTableFields
  • HKEY_CLASSES_ROOT\zdengineLib.DataTable.1
  • HKEY_CLASSES_ROOT\zdengineLib.DataTable
  • HKEY_CLASSES_ROOT\zdengineLib.DataController.1
  • HKEY_CLASSES_ROOT\zdengineLib.DataController
  • HKEY_CLASSES_ROOT\zdengineLib.DataContainer.1
  • HKEY_CLASSES_ROOT\zdengineLib.DataContainer
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zdengine
  • HKEY_CURRENT_USER\Software\PennyBee
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\PennyBee.exe
  • HKEY_CURRENT_USER\Software\InstallPath\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cegoe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PennyBee.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MZA
  • HKEY_CLASSES_ROOT\zcengineLib.WFPController.1
  • HKEY_CLASSES_ROOT\zcengineLib.WFPController
  • HKEY_CLASSES_ROOT\zcengineLib.ReadOnlyManager.1
  • HKEY_CLASSES_ROOT\zcengineLib.ReadOnlyManager
  • HKEY_CLASSES_ROOT\zcengineLib.LSPLogic.1
  • HKEY_CLASSES_ROOT\zcengineLib.LSPLogic
  • HKEY_CLASSES_ROOT\zcengineLib.DataTableHolder.1
  • HKEY_CLASSES_ROOT\zcengineLib.DataTableHolder
  • HKEY_CLASSES_ROOT\zcengineLib.DataTableFields.1
  • HKEY_CLASSES_ROOT\zcengineLib.DataTableFields
  • HKEY_CLASSES_ROOT\zcengineLib.DataTable.1
  • HKEY_CLASSES_ROOT\zcengineLib.DataTable
  • HKEY_CLASSES_ROOT\zcengineLib.DataController.1
  • HKEY_CLASSES_ROOT\zcengineLib.DataController
  • HKEY_CLASSES_ROOT\zcengineLib.DataContainer.1
  • HKEY_CLASSES_ROOT\zcengineLib.DataContainer
  • HKEY_CLASSES_ROOT\ShjencueitLib.TinNogjyotmi.1
  • HKEY_CLASSES_ROOT\ShjencueitLib.TinNogjyotmi
  • HKEY_CLASSES_ROOT\ShjencueitLib.RawYahacbarny.1
  • HKEY_CLASSES_ROOT\ShjencueitLib.RawYahacbarny
  • HKEY_CLASSES_ROOT\ShjencueitLib.KastEmubise.1
  • HKEY_CLASSES_ROOT\ShjencueitLib.KastEmubise
  • HKEY_CLASSES_ROOT\ShjencueitLib.CeeVomyacif.1
  • HKEY_CLASSES_ROOT\ShjencueitLib.CeeVomyacif
  • HKEY_CLASSES_ROOT\ShjencueitLib.AkodBahuebyvk.1
  • HKEY_CLASSES_ROOT\ShjencueitLib.AkodBahuebyvk
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zcwfp
  • HKEY_CLASSES_ROOT\AppID\zcengine.EXE
  • HKEY_CURRENT_USER\Software\AppdataLow\Software\pennybee
  • HKEY_CURRENT_USER\Software\AppdataLow\Software\pennybeePro
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spw3016
  • HKEY_CLASSES_ROOT\XisdadLib.UseQakviwpy.1
  • HKEY_CLASSES_ROOT\XisdadLib.UseQakviwpy
  • HKEY_CLASSES_ROOT\XisdadLib.QhesOxutuvup.1
  • HKEY_CLASSES_ROOT\XisdadLib.QhesOxutuvup
  • HKEY_CLASSES_ROOT\XisdadLib.GeciNevokin.1
  • HKEY_CLASSES_ROOT\XisdadLib.GeciNevokin
  • HKEY_CLASSES_ROOT\XisdadLib.ByarVarluki.1
  • HKEY_CLASSES_ROOT\XisdadLib.ByarVarluki
  • HKEY_CLASSES_ROOT\XisdadLib.AloMilgakui.1
  • HKEY_CLASSES_ROOT\XisdadLib.AloMilgakui
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\PennyBeeW
  • HKEY_CLASSES_ROOT\DiixexeqwLib.XyeoRasmuloada.1
  • HKEY_CLASSES_ROOT\DiixexeqwLib.XyeoRasmuloada
  • HKEY_CLASSES_ROOT\DiixexeqwLib.TuaGydsol.1
  • HKEY_CLASSES_ROOT\DiixexeqwLib.TuaGydsol
  • HKEY_CLASSES_ROOT\DiixexeqwLib.PicgAleatfoxg.1
  • HKEY_CLASSES_ROOT\DiixexeqwLib.PicgAleatfoxg
  • HKEY_CLASSES_ROOT\DiixexeqwLib.NisGaxwajaok.1
  • HKEY_CLASSES_ROOT\DiixexeqwLib.NisGaxwajaok
  • HKEY_CLASSES_ROOT\DiixexeqwLib.EyfSotwopd.1
  • HKEY_CLASSES_ROOT\DiixexeqwLib.EyfSotwopd
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pennybee
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Okunc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ohaogku
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nitqotorep
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Joskavse
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Idoooybc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Daffi
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bommuo
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zcengine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rdf3019
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCD2F6A-6F0B-4D75-8343-B6189C043B52}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2B3B8D-146C-4BBA-AFC5-C44B2FD16803}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\egw3017
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADB80B4C-3EEA-4798-8799-ADD3651A9338}
  • HKEY_CLASSES_ROOT\ModebuulLib.UjomUdamna.1
  • HKEY_CLASSES_ROOT\ModebuulLib.UjomUdamna
  • HKEY_CLASSES_ROOT\ModebuulLib.NyvHuopluqat.1
  • HKEY_CLASSES_ROOT\ModebuulLib.NyvHuopluqat
  • HKEY_CLASSES_ROOT\ModebuulLib.KueXegihajge.1
  • HKEY_CLASSES_ROOT\ModebuulLib.KueXegihajge
  • HKEY_CLASSES_ROOT\ModebuulLib.CejAomowloce.1
  • HKEY_CLASSES_ROOT\ModebuulLib.CejAomowloce
  • HKEY_CLASSES_ROOT\ModebuulLib.CefDoemde.1
  • HKEY_CLASSES_ROOT\ModebuulLib.CefDoemde
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpennybeed
  • HKEY_CLASSES_ROOT\NongobLib.VoiMufhum.1
  • HKEY_CLASSES_ROOT\NongobLib.VoiMufhum
  • HKEY_CLASSES_ROOT\NongobLib.PakbTujbemkoid.1
  • HKEY_CLASSES_ROOT\NongobLib.PakbTujbemkoid
  • HKEY_CLASSES_ROOT\NongobLib.EecIrepraw.1
  • HKEY_CLASSES_ROOT\NongobLib.EecIrepraw
  • HKEY_CLASSES_ROOT\NongobLib.BebtGabhedfek.1
  • HKEY_CLASSES_ROOT\NongobLib.BebtGabhedfek
  • HKEY_CLASSES_ROOT\NongobLib.AruCupcoin.1
  • HKEY_CLASSES_ROOT\NongobLib.AruCupcoin
  • HKEY_CLASSES_ROOT\NefelimLib.YbuSenvakmi.1
  • HKEY_CLASSES_ROOT\NefelimLib.YbuSenvakmi
  • HKEY_CLASSES_ROOT\NefelimLib.WoqSoortyiy.1
  • HKEY_CLASSES_ROOT\NefelimLib.WoqSoortyiy
  • HKEY_CLASSES_ROOT\NefelimLib.VedvZaunnij.1
  • HKEY_CLASSES_ROOT\NefelimLib.VedvZaunnij
  • HKEY_CLASSES_ROOT\NefelimLib.ToyVaooaaod.1
  • HKEY_CLASSES_ROOT\NefelimLib.ToyVaooaaod
  • HKEY_CLASSES_ROOT\NefelimLib.PimrBehtabza.1
  • HKEY_CLASSES_ROOT\NefelimLib.PimrBehtabza
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pennybee Runner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\pennybee
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pennybeepro