Exterminate It! Antimalware

malpedia

Known threats:700,086 Last Update:March 16, 12:51

Quick browse

Scan Your PC!

Testimonials

Over the past six months I had a lot of trouble surfing the Internet and working on my PC. I tried different free and pay antivirus software, but they were all of little help. I scanned with Exterminate It! It turned out that my computer was infected by five different viruses and Trojans, and your tool found them all! Now my PC is perfectly fine. I am really impressed.

Exterminate It is also very simple to use, which is essential for computer novices like me. I like it so much that I recommend it to my family and friends.

Vale R.

Small

Aliases of Small (AKA):

[Kaspersky]Backdoor.Dumador.c, Small.122.c, Small.126, Small.128.b, Backdoor.Small.bb, Backdoor.Win32.Small.nz, Trojan-Proxy.Win32.Small.du, Trojan-Dropper.Win32.Small.axn, Trojan.Win32.Small.ir, Trojan-Dropper.Win32.Small.axq, Trojan-Dropper.Win32.Small.avw, Trojan-Clicker.Win32.Small.cn, Trojan-Downloader.Win32.Small.ds
[Eset]Win32/Dumaru.A2 worm, Win32/Small.P trojan, Win32/Small.BB trojan
[McAfee]Generic Dropper
[F-Prot]W32/Backdoor.ALRW
[Panda]Trj/PSW.Narod, Trojan Horse, Trojan Horse.LC, Trj/Small.N, Bck/Small.J, Small.127, M_Jmp.128
[CA]Win32.Bambo, Win32/ABCD911!Trojan, Win32/Small.BX!Downloader, Win32/Small.A!Trojan, Win32/Small.D!Trojan, Win32/Small.AV!Dropper, Win32/Small.N!Joiner, Win32.Small.K, Win32/Small.K!Dropper, Backdoor/Small.P, Win32/Small.a!Trojan, Win32/Small.M!Joiner, Backdoor/Small.BB!Server, Win32.Fasbeaf.A, Small 122, Small 126, Small 128
[Other]Troj/PWS-ALX, W32/Smalltroj.AAGB, Troj/Agent-EDB, Suspicious_F.gen.dropper, Mal/Packer, TrojanDropper:Win32/Small!49F8, Troj/Mdrop-BPE, W32/DLoader.BDR, TROJ_SMALL.DS, Downloader

How to Remove Small from Your Computer^

To completely purge Small from your computer, you need to delete the files, folders, Windows registry keys and registry values associated with Small. These files, folders and registry elements are respectively listed in the Files, Folders, Registry Keys and Registry Values sections on this page.

For instructions on deleting the Small registry keys and registry values,
see How to Remove Small from the Windows Registry.

For instructions on deleting the Small files and folders,
see How to Delete Small Files (.exe, .dll, etc.)

How to Delete Small Files (.exe, .dll, etc.)^

The files and folders associated with Small are listed in the Files and Folders sections on this page.

To delete the Small files and folders:

  1. Using your file explorer, browse to each file and folder listed in the Folders and Files sections.
    2. Note: The paths use certain special folders (conventions) such as [%PROGRAM_FILES%]. Please note that these conventions are depending on Windows Version / Language. These conventions are explained here.
  2. Select the file or folder and press SHIFT+Delete on the keyboard.
  3. Click Yes in the confirm deletion dialog box.
    4. IMPORTANT: If a file is locked (in use by some application), its deletion will fail (the Windows will display a corresponding message).You can delete such locked files with the RemoveOnReboot utility. To delete a locked file, right-click on the file, select Send To->Remove on Next Reboot on the menu and restart your computer. You can install the RemoveOnReboot utility from here.
[%WINDOWS%]\winupdate.exe
[%SYSTEM%]\ldcore.dll
[%WINDOWS%]\winupdt.exe
[%PROFILE_TEMP%]\esamxwrocn.tmp
[%PROFILE_TEMP%]\rcnaosxwme.tmp
[%PROFILE_TEMP%]\arnsmecxwo.exe
[%PROFILE_TEMP%]\csomranewx.exe
[%PROFILE_TEMP%]\aswexcmnor.tmp
[%PROFILE_TEMP%]\wreaxmoscn.exe
[%PROFILE_TEMP%]\mwraenosxc.tmp
[%PROFILE_TEMP%]\ocaxnmewrs.tmp
[%PROFILE_TEMP%]\wscnrmaxeo.tmp
[%PROFILE_TEMP%]\scwoanerxm.exe
[%PROFILE_TEMP%]\caeorsxmnw.exe
[%PROFILE_TEMP%]\sowxnamrce.exe
[%PROFILE_TEMP%]\anmscexwro.tmp
[%PROFILE_TEMP%]\wrecxmoasn.exe
[%PROFILE_TEMP%]\anrcmsxeow.exe
[%PROFILE_TEMP%]\cwenorasmx.tmp
[%PROFILE_TEMP%]\wonremxsca.tmp
[%PROFILE_TEMP%]\mxswcareno.exe
[%PROFILE_TEMP%]\sxrawmocen.tmp
[%PROFILE_TEMP%]\rexsmnwaco.tmp
[%PROFILE_TEMP%]\onreaswcxm.tmp
[%PROFILE_TEMP%]\anemxcorws.exe
[%PROFILE_TEMP%]\srencwmxao.exe
[%PROFILE_TEMP%]\anmercoswx.exe
[%PROFILE_TEMP%]\rexnsowmca.tmp
[%PROFILE_TEMP%]\axsonrmwce.tmp
[%PROFILE_TEMP%]\mewscnorxa.exe
[%PROFILE_TEMP%]\axenwrmcso.tmp
[%PROFILE_TEMP%]\mroxecnaws.tmp
[%PROFILE_TEMP%]\crnswxaemo.tmp
[%PROFILE_TEMP%]\ramwecsxno.exe
[%PROFILE_TEMP%]\rswocmenxa.tmp
[%PROFILE_TEMP%]\mnxacoresw.exe
[%PROFILE_TEMP%]\ocnrwxaems.tmp
[%PROFILE_TEMP%]\aswxemrnoc.tmp
[%PROFILE_TEMP%]\mwreaxcnos.tmp
[%PROFILE_TEMP%]\oncmawxsre.tmp
[%PROFILE_TEMP%]\axncsrwemo.tmp
[%SYSTEM%]\ctfmon.exe
[%PROGRAM_FILES%]\Rjwbrz\Fruatd.exe
[%PROGRAM_FILES%]\mIRC\mirc.exe
[%SYSTEM%]\mousecntl32.exe
[%PROFILE_TEMP%]\wnk16.exe
[%PROFILE_TEMP%]\wnke.exe
[%SYSTEM%]\rundll32.exe
[%PROGRAM_FILES%]\Internet Explorer\iexplore.exe
[%SYSTEM%]\svchost.exe
[%SYSTEM%]\kernels8.exe
[%PROFILE_TEMP%]\metasploit.exe
[%SYSTEM_DRIVE%]\extras\mirc\mirc.exe
[%WINDOWS%]\Explorer.exe
[%SYSTEM%]\csrsc.exe
[%SYSTEM%]\tmp_0f.dll
[%PROFILE_TEMP%]\Temp1_DVDXCOPY_v1[1].5.2_by_Core.zip\keygen.exe
[%PROFILE_TEMP%]\nsfDE26.tmp\MNProgress.dll
[%PROFILE_TEMP%]\nsx873C.tmp\MNProgress.dll
[%PROFILE_TEMP%]\nsd8EFC.tmp\MNProgress.dll
[%PROFILE_TEMP%]\pbrm.exe
[%SYSTEM%]\qch29sr.dll
[%SYSTEM%]\ckvo0.dll
[%COMMON_APPDATA%]\NOS\Adobe_Downloads\arh.exe
[%PROFILE_TEMP%]\AutoRun.exe
[%PROGRAM_FILES%]\Telecom Italia\WanMiniport1st\srvany.exe
[%PROGRAM_FILES%]\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
[%SYSTEM%]\fileroller.exe
[%WINDOWS%]\soundman.exe
[%SYSTEM%]\drivers\Zgmh.exe
[%PROGRAM_FILES_COMMON%]\PCSuite\DataLayer\DataLayer.exe
[%PROGRAM_FILES%]\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[%PROGRAM_FILES%]\Nokia\Nokia PC Suite 6\PcSync2.exe
[%PROGRAM_FILES_COMMON%]\Nokia\MPAPI\MPAPI3s.exe
[%PROFILE_TEMP%]\04848.exe
[%PROFILE_TEMP%]\48364.exe
[%PROFILE_TEMP%]\78636.exe
[%PROFILE_TEMP%]\26113.exe
[%PROFILE_TEMP%]\84821.exe
[%PROFILE_TEMP%]\71115.exe
[%PROFILE_TEMP%]\63510.exe
[%PROFILE_TEMP%]\34688.exe
[%PROFILE_TEMP%]\24407.exe
[%PROFILE_TEMP%]\47168.exe
[%PROFILE_TEMP%]\34433.exe
[%PROFILE_TEMP%]\eraseme_06623.exe
[%PROFILE_TEMP%]\eraseme_34158.exe
[%PROFILE_TEMP%]\eraseme_51067.exe
[%PROFILE_TEMP%]\eraseme_71422.exe
[%PROFILE_TEMP%]\70523.exe
[%PROFILE_TEMP%]\40847.exe
[%PROFILE_TEMP%]\15683.exe
[%PROFILE_TEMP%]\40534.exe
[%PROFILE_TEMP%]\52463.exe
[%PROFILE_TEMP%]\58383.exe
[%PROFILE_TEMP%]\eraseme_76015.exe
[%PROFILE_TEMP%]\eraseme_32283.exe
[%PROFILE_TEMP%]\65756.exe
[%PROFILE_TEMP%]\80241.exe
[%PROFILE_TEMP%]\53700.exe
[%APPDATA%]\Move Networks
[%LOCAL_SETTINGS%]\Move Networks

How to Remove Small from the Windows Registry^

The Windows registry stores important system information such as system preferences, user settings and installed programs details as well as the information about the applications that are automatically run at start-up. Because of this, spyware, malware and adware often store references to their own files in your Windows registry so that they can automatically launch every time you start up your computer.

To effectively remove Small from your Windows registry, you must delete all the registry keys and values associated with Small, which are listed in the Registry Keys and Registry Values sections on this page.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.

To remove the Small registry keys and values:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK.
    The Registry Editor window opens. This window consists of two panes. The left pane displays folders that represent the registry keys arranged in hierarchical order. The right one lists the registry values of the currently selected registry key.
  3. To delete each registry key listed in the Registry Keys section, do the following:
    • Locate the key in the left pane of the Registry Editor window by sequentially expanding the folders according to the path indicated in the Registry Keys section. For example, if the path of a registry key is
      HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName1
      sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA and FolderB folders.
    • Select the key name indicated at the end of the path (KeyName1 in the example above).
    • Right-click the key name and select Delete on the menu.
    • Click Yes in the Confirm Key Delete dialog box.
  4. To delete each registry value listed in the Registry Values section, do the following:
    • Display the value in the right pane of the Registry Editor window by sequentially expanding the folders in the left pane according to the path indicated in the Registry Values section and selecting the specified key name. For example, if the path of a registry value is
      HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName2,valueC=
      sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA and FolderB folders and select the KeyName2 key to display the valueC value in the right pane.
    • In the right pane, select the value name indicated after a comma at the end of the path (valueC in the example above).
    • Right-click the value name and select Delete on the menu.
    • Click Yes in the Confirm Value Delete dialog box.
Registry Keys
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_a-load
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\a-load
Registry Values
[HKEY_CURRENT_USER\software\microsoft\internet explorer\security]host=206.51.229.118
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs= [%SYSTEM%]\ldcore.dll
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop]host=206.51.229.118
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]win aggior=[%WINDOWS%]\winupdt.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]win aggiornamento=[%WINDOWS%]\winupdate.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=[%SYSTEM%]\ldcore.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs= [%SYSTEM%]\ldcore.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Firewall auto setup=[%PROFILE_TEMP%]\winlogon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] msntorms=(EMPTY)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] wke_share.exe=(EMPTY)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] msntorms=(EMPTY)

Trojan

A trojan is a program that is disguised as legitimate software but is designed to carry out some harmful actions on the infected computer.

Unlike viruses and worms, trojans don’t replicate but they can be just as destructive.

These days trojans are very common. Trojans are divided into a number different categories based on their function or type of damage.

Be Aware of the Following Trojan Threats:

Delalot, Vxidl.AHR, Bancos.HLJ, Bancos.HZK, Trakia.

Adware

Software that is designed to launch advertisements, frequently pop-up ads, on a user’s computer and/or to redirect search results to promotional Web sites. Adware programs are often built into freeware or shareware programs, where the adware creates an indirect ‘charge’ for using the free program. Sometimes a trojan can silently download an adware program from a Web site and install it onto a user’s machine.

Hacker tools, or Browser Hijackers, can also download an adware program by exploiting a web browser’s vulnerability. Browser Hijackers may tamper with the browser settings, redirect incorrect or incomplete URLs to unwanted Web sites, or change the default home page. They can also re-direct a user’s searches to “pay-to-view” (often pornographic) Web sites.

Typically, many adware programs do not leave any marks of their presence in the system: they are not listed on Start | Programs; they add no icons to the system tray; and they don’t show up on the task list. In addition, adware programs seldom provide an uninstallation procedure, and attempts at manually removing them frequently result in failure of the original carrier program.

Be Aware of the Following Adware Threats:

Voter, HXDL, UCmore, KVNab, TrojanDownloader.Win32.Small.bw.

Spyware

Spyware is designed to gather data from a computer and transfer it to a third party without the consent or knowledge of the computer’s owner. This includes collecting confidential information (passwords, credit card numbers, PIN numbers, etc.), monitoring key strokes, gathering e-mail addresses, or tracking surfing habits. Such resource-consuming activities slow down the system and generally impact the computer’s performance.

“Spyware” is an umbrella term for a diverse group of malware-related programs, rather than a clear-cut category. Most spyware definitions apply not only to adware, pornware and ‘riskware’ programs, but to many trojans as well.

Be Aware of the Following Spyware Threats:

KClient, MsnSpy, SentryPC, QatarIT.QTK, Banker.ju.

Worm

Worms are generally considered to be a subset of viruses, but have key differences. Unlike a virus, a worm is a computer program that replicates, but does not infect other files. Instead, a worm installs itself on a computer and then looks for a way to spread to other computers.

From a user’s perspective, there are noticeable differences. The longer a virus goes undetected, the more files it will infect on the victim computer. By contrast, there is just a single instance of the worm code on the computer.

Like viruses, worms are often subdivided according to the methods they use to infect a system. E-mail worms are distributed as attachments to e-mail messages. IM worms are attached to messages sent with instant messaging programs (such as IRC or ICQ). P2P (peer-to-peer) worms use file-sharing networks to spread. Network worms spread directly over the LAN (Local Area Network) or across the Internet, often exploiting a specific vulnerability.

Be Aware of the Following Worm Threats:

Rbot.aeu, Antix.ANSI.Bomb, VBS.Solow.C, Kipis!generic, ANSI.Bombing.

Backdoor

Of all trojans, backdoor trojans pose the greatest danger to users’ PCs because they give their authors remote control over infected computers. They are downloaded, installed, and run silently, without the user’s consent or knowledge. Upon installation, backdoor trojans can be instructed to send, receive, execute and delete files, gather and transfer confidential data from the computer, log all activity on the computer, and perform other harmful activities.

Be Aware of the Following Backdoor Threats:

Win32.VB.hu, MP, Sensive, IRC.Zapchast, TPE.like.

Downloader

A type of trojan. The primary purpose of downloaders is to install malicious code on a user’s computer. However, they can enable other malicious uses. For example, they can be used to continually download new versions of malicious code, adware, or “pornware.” They are also used frequently used to exploit the vulnerabilities of Internet Explorer.

Downloaders are typically written in script languages such as VBS or JavaScript.

Be Aware of the Following Downloader Threats:

Ozzy, Agent.ek, Delf.aeo, Win32.Girigat.4937!Dropper, ESP.

Hacker Tool

Hacker tools are utilities designed to help hackers gain control of remote computers in order to use them as zombies (in DoS attacks, for example), download other malicious programs into those computers, or use them for other malicious purposes.

Be Aware of the Following Hacker Tool Threats:

Furier, CWS.Time, Thrap, Anna, VB.bf.

DoS

A DoS (Denial of Service) attack is designed to disrupt or stop the normal running of a Web site, server, or other network resource. Hackers or malware writers resort to various ways to achieve this. A DoS attack can commonly result in a server being flooded with more network traffic than it is capable of processing. This hinders or prevents the server’s normal operation and sometimes causes its complete failure.

Unlike a DoS attack, a DDoS attack employs multiple PCs. The hacker or malware writer normally uses one infected computer - “master” - to centrally coordinate the attack across other, so-called “zombie”, computers. Typically, the malware writer gains control of both master and zombie computers by exploiting a weakness in an application or the operating system on those computers, in order to install a trojan or other malicious code.

Be Aware of the Following DoS Threats:

Power.Pump, Sentinel.4625!Corrupted, Intended.Nuke.Pox, FDoS.Shiv, MultiDJ.

How Did My PC Get Infected with Small?^

The following are the most likely reasons why your computer got infected with Small:

  • Your operating system and Web browser's security settings are too lax.
  • You are not following safe Internet surfing and PC practices.

Downloading and Installing Freeware or Shareware

Small-charge or free software applications may come bundled with spyware, adware, or programs like Small. Sometimes adware is attached to free software to enable the developers to cover the overhead involved in created the software. Spyware frequently piggybacks on free software into your computer to damage it and steal valuable private information.

Using Peer-to-Peer Software

The use of peer-to-peer (P2P) programs or other applications using a shared network exposes your system to the risk of unwittingly downloading infected files, including malicious programs like Small.

Visiting Questionable Web Sites

When you visit sites with dubious or objectionable content, trojans-including Small, spyware and adware, may well be automatically downloaded and installed onto your computer.

Detecting Small^

The following symptoms signal that your computer is very likely to be infected with Small:

PC is working very slowly

Small can seriously slow down your computer. If your PC takes a lot longer than normal to restart or your Internet connection is extremely slow, your computer may well be infected with Small.

New desktop shortcuts have appeared or the home page has changed

Small can tamper with your Internet settings or redirect your default home page to unwanted web sites. Small may even add new shortcuts to your PC desktop.

Annoying popups keep appearing on your PC

Small may swamp your computer with pestering popup ads, even when you're not connected to the Internet, while secretly tracking your browsing habits and gathering your personal information.

E-mails that you didn't write are being sent from your mailbox

Small may gain complete control of your mailbox to generate and send e-mail with virus attachments, e-mail hoaxes, spam and other types of unsolicited e-mail to other people.

TOP10 AlertsTop 100 Alerts
  1. GlobalUpdate
  2. MyWebSearch
  3. Linkury
  4. SearchPage
  5. Tencent.QQ
  6. MultiPlug
  7. BaiduSearchBar
  8. Iminent
  9. DoSearch
  10. Tuto4PC
LATEST 10 FilesLatest Files
  1. AskToolbarInstaller-ATU3-TMP[4].7z
  2. AskToolbarInstaller-ATU3-TMP[3].7z
  3. AskToolbarInstaller-ATU3-TMP[2].7z
  4. AskToolbarInstaller-ATU3-TMP[1].7z
  5. @H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
  6. @DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi
  7. Mathron.tst
  8. 71A2DEA6-C609-690D-90FB-F8C5C2EE3664.exe
  9. mbtFF51.scr
  10. mbtFDB2.scr
SEARCHED AS:
  • vundo.a2

© 2008-2023 Curio Systems GmbH
Prinzregentenstr. 54
München, 80538
Germany