Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Trojan-Backdoor.optix Analysis Report
Threat Submitted On: 9/18/2008 6:43:03 PM
Threat Analysed On: 9/18/2008 11:43:03 PM
Threat Updated On: 1/27/2011 5:04:42 PM
Type : Trojan-Backdoor
Symptoms of optix
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : backdoor.win32.optix.topp
Md5 Hash : [f80f70631ffa09e3f81787147a8a7e08]
File Size : (700416 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: pcgwin32.li5
Path : %allusersprofile%\application data\ji82l

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
1b2dca1b860fe5a5e127d42d42eb54d7 ( 2581 bytes)
71acaff83960ac75479389cadb69f8ca ( 2581 bytes)
File: builder.exe
Path : %homepath%\desktop\optix_pro_1.3\optix_pro_1.3\builder

Md5Hash :b7c6b51da47ae1b34655a6c20d53be15 ( 594944 bytes)
File: setup.cgi
Path : %homepath%\desktop\optix_pro_1.3\optix_pro_1.3\builder\cgilogger

Md5Hash :86be38f00562db610b793b264700a9bb ( 15968 bytes)
File: subseven.cgi
Path : %homepath%\desktop\optix_pro_1.3\optix_pro_1.3\builder\cgilogger

Md5Hash :479625ab7b54c65ae34c9a1bafeab345 ( 78356 bytes)
File: client.exe
Path : %homepath%\desktop\optix_pro_1.3\optix_pro_1.3\client

Md5Hash :e46d85346a40cd7d613aa58cdaa59c00 ( 407040 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :48059bc53c65c5451acbc0b88aa5c5ce ( 18434 bytes)
File: lsass.exe
Path : %systemdrive%

Md5Hash :a7aa0403dc1885aacfde0fd9fc22c10c ( 647168 bytes)
File: keygen.exe
Path : %temp%

Md5Hash :4062bd67fb32774bad5fbabdc9fa385a ( 828229 bytes)
File: 4908fc534416a3b73fa1228cbdfb030d.exe
Path : %windir%

Md5Hash :4908fc534416a3b73fa1228cbdfb030d ( 594944 bytes)
File: msiexe16.exe
Path : %windir%

Md5Hash :dc6e3d9e112c6320bc2472153893e4bb ( 1532217 bytes)
File: msiexec16.exe
Path : %windir%

Md5Hash :e90fc5f7b097c4c6d64889d1bb4dbed5 ( 1704259 bytes)
File: directx.exe
Path : %windir%\olefiles

Md5Hash :3698c33da06ad8006890be97b9cf560c ( 67584 bytes)
File: optixpro.exe
Path : %windir%

Md5Hash :48fdeb85003b1dc5936f5ce7f44a912e ( 595294 bytes)
File: spooll32.exe
Path : %windir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
5fb137ac653e45452e35561401939eb4 ( 892928 bytes)
662fa7ea0ccfb1df0ea66f96b61d9556 ( 892930 bytes)
8018976214af64d7ffb13c61352c4195 ( 1962504 bytes)
File: 87457248c381fea2d898ff08f4c7d542.exe
Path : %windir%\system32

Md5Hash :87457248c381fea2d898ff08f4c7d542 ( 218116 bytes)
File: algsyst32winx.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
5b223624ba0caa8f072b101af2f5c25f ( 991232 bytes)
d024942754d00e608e03ded15b913563 ( 991232 bytes)
File: befad35bb6969fbcad5462f17ea7481d.exe
Path : %windir%\system32

Md5Hash :befad35bb6969fbcad5462f17ea7481d ( 218112 bytes)
File: bot.exe
Path : %windir%\system32

Md5Hash :630ac369be8144bb12527ffa634911d2 ( 71756 bytes)
File: chciago.exe
Path : %windir%\system32

Md5Hash :38bc29080f99ca22ebda28a4a8c3d0a0 ( 340199 bytes)
File: chicago.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
2f4c0a95a4ea81bd886208db20d9868b ( 340187 bytes)
de80559c9959639b6186e8dad78c4d4d ( 340183 bytes)
File: coldbloded.exe
Path : %windir%\system32

Md5Hash :ec4fee5d5dfc803547005846c6a2d488 ( 357199 bytes)
File: cshost.exe
Path : %windir%\system32

Md5Hash :6f2d22316e5c99bc5f743c99e0cb75f8 ( 1654643 bytes)
File: extrac32x.exe
Path : %windir%\system32

Md5Hash :eb1bbda647c4b2e9ddf6c30c3d862721 ( 2055717 bytes)
File: fghtre5.exe
Path : %windir%\system32

Md5Hash :e2a52a849d75be364e2d772285d3418c ( 905216 bytes)
File: gotu_stub.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
34e4e173fa601ee6abbb2ea3dab20ada ( 340199 bytes)
8080ec6e7180205783e343eba6390178 ( 340211 bytes)
File: hatkut.exe
Path : %windir%\system32

Md5Hash :72aecdf7beb5db82260834a7dfff5d0d ( 357199 bytes)
File: iexplorer.exe
Path : %windir%\system32

Md5Hash :6f2d22316e5c99bc5f743c99e0cb75f8 ( 1654643 bytes)
File: iowa.exe
Path : %windir%\system32

Md5Hash :d3dc7d37031ce22ea3e9efe6518c08da ( 7781 bytes)
File: kernel32.exe
Path : %windir%\system32

Md5Hash :446a1ddde3e8874b23bf1f5e1500c081 ( 560128 bytes)
File: mpldfg.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
02c20e69ecef7b61a7bf967732c5e045 ( 1561401 bytes)
565bb6aa8441c64c2cdfdfd818351275 ( 340191 bytes)
72aecdf7beb5db82260834a7dfff5d0d ( 357199 bytes)
ae6836a020799632f30862c27fc5fe2f ( 323595 bytes)
File: mshost16.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
7611650e34f21801986c47c69b8b6c17 ( 495873 bytes)
8c6467b0254bde2770dfdd7a4e23155d ( 1120513 bytes)
97b0e50dfb497719ca3cc41565cdeec7 ( 1120513 bytes)
fbd44eed025a577027187adb6c37f348 ( 496385 bytes)
File: msiexec16.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
02c20e69ecef7b61a7bf967732c5e045 ( 1561401 bytes)
224fcabe71a43a39c7f9dc8a825fff36 ( 402489 bytes)
4062bd67fb32774bad5fbabdc9fa385a ( 828229 bytes)
4671d3a928ae1180d39cd0a7758c637b ( 510327 bytes)
510924258364effd283cbf5926046b01 ( 454139 bytes)
592319defa2b266bfc90f21fb12066ee ( 1456203 bytes)
62f091a5ab441276e61f3c1f2476c8d5 ( 1700117 bytes)
6df60eba421a8280053e7f8134de4be6 ( 1980015 bytes)
71664f0151d69576e0b2c8ac353dd6ba ( 340195 bytes)
718c9424cba20ff040c587a7f3d7180b ( 539409 bytes)
727b456e2e96eb54d2cf999b8bc09651 ( 1506375 bytes)
7e32f8b00ec2e03bd1712ed9bb2d2fba ( 828131 bytes)
881785e9b28db254213020ad9958b2db ( 340269 bytes)
8c29c8308e7f9f20c9052586780e1d35 ( 970752 bytes)
966ac708e44712244bd2b8e7cb00aaa5 ( 1464675 bytes)
a000af75c9e3a540dc3485df8f0fc05f ( 340227 bytes)
a08556248281bc126467229fceaac07b ( 2371799 bytes)
ae9ae033f2dc144ea636c338c571f8f9 ( 1224704 bytes)
b0f49c858a6656fa445775f409dd19c0 ( 828131 bytes)
c0238d42a7a04a9bcb0cfa2b133fcf5d ( 441419 bytes)
c08b8f29900d17520e6e0651bc9f4404 ( 469219 bytes)
c381480ba5e8046ff59fc3ccabfc7cb4 ( 371509 bytes)
db72723c8b6d02f9f463cfe0cc7aa9af ( 733535 bytes)
efe25744beadd7989b3d6f8ff5c34428 ( 441419 bytes)
f71b971e0f0cb6099991e0a7d9efb07a ( 1544453 bytes)
fc976a3b678220782c31f38b7efae3d3 ( 459317 bytes)
fec793cd90eedf3afe7e2c5eacc180cd ( 1548077 bytes)
File: msn.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
2dd2482419371271c32c423a6685e0df ( 1675937 bytes)
ce29823a27719462a3bead2353148170 ( 295043 bytes)
File: msn_messenger.exe
Path : %windir%\system32

Md5Hash :71f8cf22b7c1dec001930b987731356f ( 1040384 bytes)
File: needle1.exe
Path : %windir%\system32

Md5Hash :aac7e2b4e8efa1e5de9095fb4e2ae424 ( 340327 bytes)
File: needle2.exe
Path : %windir%\system32

Md5Hash :aac7e2b4e8efa1e5de9095fb4e2ae424 ( 340327 bytes)
File: pavchck32.exe
Path : %windir%\system32

Md5Hash :c638b8d10d48ab99eb63e663401ba9b5 ( 469216 bytes)
File: pavupdate.exe
Path : %windir%\system32

Md5Hash :c638b8d10d48ab99eb63e663401ba9b5 ( 469216 bytes)
File: photo23
Path : %windir%\system32

Md5Hash :e33e26685145925863f2456adf1af196 ( 294969 bytes)
File: plugin32.dll
Path : %windir%\system32

Md5Hash :5d5c7d7a98e01b5342db946a3fb52b96 ( 74240 bytes)
File: regscanr.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
6ad1bd83a5d681d159d607117a9076c0 ( 114498 bytes)
76a9f3564c2200caac98ed5ee299711f ( 114496 bytes)
File: scvhost.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
4b1718894a7bcf4879b67dd7cd289eee ( 983040 bytes)
6e2c64728b87429ae0a6c0bf9d071d00 ( 340153 bytes)
f2f27d56ee7176a681ce3fd45206434c ( 983042 bytes)
File: sound blaster updater.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
757e6ec77ad4d5f813d33d286f57a396 ( 638985 bytes)
b23774b5fff3e0f18166c60ef09ac675 ( 638989 bytes)
File: sound mixer.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
757e6ec77ad4d5f813d33d286f57a396 ( 638985 bytes)
b23774b5fff3e0f18166c60ef09ac675 ( 638989 bytes)
File: spooll32.exe
Path : %windir%\system32

Md5Hash :2569482d005632dafbae24a793650c69 ( 1067522 bytes)
File: svch0st.exe
Path : %windir%\system32

Md5Hash :e919843c452d7568c9f5779ac66e7601 ( 373021 bytes)
File: syst32winxy.exe
Path : %windir%\system32

Md5Hash :82b6d5ca79439deb2e9b06253936a078 ( 1032192 bytes)
File: taken excerpt.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
81f1cb8978be210eba15872f42ae596f ( 340187 bytes)
85c71ed6e271e0657509666cd87cea32 ( 340179 bytes)
File: updt.exe
Path : %windir%\system32

Md5Hash :2f5b67ab47d89f01dec8106f6a0ec402 ( 417399 bytes)
File: wincfg.exe
Path : %windir%\system32

Md5Hash :c8bb5ca1b1e74255e38b47aede05cb4a ( 102142 bytes)
File: winfax
Path : %windir%\system32

Md5Hash :e223ddd897dc7234022799da11ecf960 ( 1130496 bytes)
File: wink.exe
Path : %windir%\system32

Md5Hash :ea8e2812ea692cd10150af072b2dd629 ( 290899 bytes)
File: winshel32.exe
Path : %windir%\system32

Md5Hash :0f8f2ecf0ae7f3208ee316d2bdfbac87 ( 333925 bytes)
File: wintopsg.exe
Path : %windir%\system32

Md5Hash :ab6be94ebad3cee73278f21573ab16e1 ( bytes)
File: wmmiexe.exe
Path : %windir%

Md5Hash :ad734b54ecef800acf098efa12c438fb ( 45568 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
005da5ab8def8b253ffb438930c4043f ( 1039360 bytes)
02321cebe6f7b7d348f69b05b0308706 ( 340145 bytes)
02927e472897601086314003b7e533ee ( 965855 bytes)
02c20e69ecef7b61a7bf967732c5e045 ( 1561401 bytes)
02e0f8b065e9662f1e86daee6d57f074 ( 846009 bytes)
03f6bf174adfdf8620d25094109b896d ( 740367 bytes)
05b7429d5e94e5851a25341ebf417b2d ( 828473 bytes)
06415974468e4e3d433d9272a36dbd9f ( 1757696 bytes)
068fba66bddb912034627068024d1d39 ( 737355 bytes)
0707ed650b1832a47104a17acd6bdaed ( bytes)
0740ec16f0efa4b1091004cf430c262a ( 1302568 bytes)
07b92f8c03052b68580cc5731873eb54 ( 452608 bytes)
07ea46363996006a0c07ca0cec168424 ( 1048576 bytes)
07fb7a6d293e2536026ea26899a37637 ( 828197 bytes)
08eea2d664915d893258730e9649a85a ( 398963 bytes)
09a7e2a92990690cca3c7dc29f6a8010 ( 1093632 bytes)
0a784f6051d27950eb903a78126e2649 ( 1202283 bytes)
0aa544692d381793b1aaa9ef29a12e4c ( 743174 bytes)
0c17455586c9b4b3a72a4c0049f1d764 ( 841835 bytes)
0d0fe1d447c207145ec31a8a2c4f65a2 ( 340153 bytes)
0e3527fef8aa9431d7a6b12e5c3359d7 ( 10073 bytes)
0e4797bc5f394b0921005f28d1374a32 ( 958464 bytes)
0f8f2ecf0ae7f3208ee316d2bdfbac87 ( bytes)
10d5ff9b85e1782918de0b95af0e4298 ( 782336 bytes)
10daadc46be6bf09a61e4ac4548ef25e ( 466657 bytes)
10f206ddb9059999336a44a606934808 ( 408083 bytes)
1117a3aa6f09ce0d31a778aa868bfd79 ( 99844 bytes)
112e8eb127e1ddbb3507d1364353abaa ( 417329 bytes)
1193f20433dda6f9872ad418e6a4652f ( 464195 bytes)
12a8207bff4e93d26f3a06a873e6dd12 ( 829440 bytes)
139b739f156cf5c2e2e9465f700fb02c ( 51668 bytes)
1418a4398f56bfba7659b80e2421a98a ( 64512 bytes)
1467ae8694acf171bc1e3799d3c7cee5 ( 529758 bytes)
15eebe5d6aeb6f07746a6364f2420100 ( 973824 bytes)
15fd91a080d0807e0b565770dd870b6e ( 1120513 bytes)
1657f2a68019c2a98270164e5d47b00a ( 1656320 bytes)
17bc9039b0bfb0baf9242d91575f77b2 ( 546140 bytes)
19896449290f36630dc04ebd4d7444d4 ( 740356 bytes)
1a8ce1664418d22a593c11ab6670430a ( 1225064 bytes)
1b33f92d070ef09e9594f487e30671a2 ( 480188 bytes)
1be715526ee3cf0edaf3d9cdbb1492d2 ( 829031 bytes)
1d60f27275fa4db821541331f823aa71 ( 1018880 bytes)
1ec1d0e6fda23d6d7af300cc5c6d41e9 ( 340191 bytes)
1eda88fbcd99059b5576a211c2f026bc ( 876544 bytes)
1f44c24558fddb23a116b132487bd08e ( 1528935 bytes)
20d577b4bf5186e1ae5c1df87ed83fc9 ( 331537 bytes)
223ea3b96614c39175d8cd8c9f96d626 ( 334653 bytes)
224fcabe71a43a39c7f9dc8a825fff36 ( 402489 bytes)
2569482d005632dafbae24a793650c69 ( bytes)
26f443eba1ccfe682405b9ac8a68af3f ( 396800 bytes)
2737ba942912e4178a67db85f450de7d ( 1116263 bytes)
27b91728de5cd6b271b0c34366fab991 ( 340463 bytes)
28858ea9000759e7e902007c259dd699 ( 700416 bytes)
28c1595b654c268041f8fcfed490e255 ( 413227 bytes)
29319b4b3ca07dae5a642e922b6fa560 ( 880640 bytes)
2989d6e3e5446f7ed1c4724892932d3f ( 828081 bytes)
29cede57795dcc4035bc40230043dd92 ( 851968 bytes)
2aa776223b3f11959335fe835d5fd12d ( 696413 bytes)
2b68857c046c4d75ada413817204f168 ( 909312 bytes)
2b7ad0b9bf7568f40f11dbe6e5caad7f ( 1676515 bytes)
2b7c48a4
Also creates the following files on user's System which are also created by Genuine Software :-
Note:
These file(s) can be kept as they are also created by genuine Software.
File : explorer.exe
Path : %windir%\system32

Md5Hash :39beb6fa3918358f9431cc1389eecbb0 ( 340235 bytes)
File : flip.exe
Path : %windir%\system32

Md5Hash :31939c2da11fb594087f8d7cb1a73880 ( 8666 bytes)
File : rundll.exe
Path : %windir%\system32

Md5Hash :ae46927cc23b2d3ebc54fb20600d2cf6 ( 18436 bytes)
File : server.exe
Path : %windir%\system32

Md5Hash :912c991f8f78f4d51b42373cba5e95a3 ( 67584 bytes)
File : taskmgr.exe
Path : %windir%\system32

Md5Hash :79f8fe2938309a168b520f8842949204 ( 733184 bytes)
File : videodriver.exe
Path : %windir%\system32

Md5Hash :237ed7bfe3b82c5ac3c5e77b327e3d7a ( 38912 bytes)
File : [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
237ed7bfe3b82c5ac3c5e77b327e3d7a ( 38912 bytes)
a7537531c712e4b4646ab9155fcb1faa ( 331264 bytes)
b7c6b51da47ae1b34655a6c20d53be15 ( 594944 bytes)
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
Microsoft Synchronization Manager = "bot.exe"
|__ Value Added :
a7aa0403dc1885aacfde0fd9fc22c10c = "%SYSTEMDRIVE%\data\a7aa0403dc1885aacfde0fd9fc22c10c.exe"
|__ Value Added :
carl = "%windir%\system32\chicago.exe"
|__ Value Added :
directx = "[REG_EXPAND_SZ, value: %WINDIR%\olefiles\directx.exe]"
|__ Value Added :
drive32 = "%windir%\system32\videodriver.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\cshost.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\hatkut.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\msiexec16.exe"
|__ Value Added :
GLSetIT32 = "%WINDIR%\system32\msn.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\msn_messenger.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\needle2.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\sound mixer.exe"
|__ Value Added :
hacker = "%windir%\system32\taken excerpt.exe"
|__ Value Added :
hackor = "%windir%\system32\taken excerpt.exe"
|__ Value Added :
internalsystray = "%windir%\system32\kernel32.exe"
|__ Value Added :
ivery = "%windir%\system32\coldbloded.exe"
|__ Value Added :
kelly = "%windir%\system32\chicago.exe"
|__ Value Added :
lsacntrl = "%WINDIR%\system32\befad35bb6969fbcad5462f17ea7481d.exe"
|__ Value Added :
Microsoft Synchronization Manager = "bot.exe"
|__ Value Added :
mshost16 = "%windir%\system32\mshost16.exe"
|__ Value Added :
msitry = "%windir%\msiexe16.exe"
|__ Value Added :
msn32x = "%windir%\system32\msiexec16.exe"
|__ Value Added :
optixpro = "%windir%\optixpro.exe"
|__ Value Added :
PAVCHck = "%WINDIR%\system32\pavchck32.exe"
|__ Value Added :
Registry Scanner = "%WINDIR%\system32\regscanr.exe"
|__ Value Added :
RunDLL = "%WINDIR%\system32\rundll.exe"
|__ Value Added :
ShelWin32 = "%WINDIR%\system32\winshel32.exe"
|__ Value Added :
sutter = "%windir%\system32\chciago.exe"
|__ Value Added :
svch0st = "%windir%\system32\svch0st.exe"
|__ Value Added :
taskmgr = "%windir%\system32\taskmgr.exe"
|__ Value Added :
vscanner = "%WINDIR%\spooll32.exe"
|__ Value Added :
vscanner = "%windir%\system32\spooll32.exe"
|__ Value Added :
wincfg = "%windir%\system32\wintopsg.exe"
|__ Value Added :
winfax = "%windir%\system32\winfax"
|__ Value Added :
winn = "%windir%\system32\wink.exe"
|__ Value Added :
winupdate = "%windir%\system32\updt.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\hatkut.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\msiexec16.exe"
|__ Value Added :
glsetit32 = "%windir%\system32\msn.exe"
|__ Value Added :
ivery = "%windir%\system32\coldbloded.exe"
|__ Value Added :
Microsoft Synchronization Manager = "bot.exe"
|__ Value Added :
mshost16 = "%windir%\system32\mshost16.exe"
|__ Value Added :
msn32x = "%windir%\system32\msiexec16.exe"
|__ Value Added :
PAVCHck = "%WINDIR%\system32\pavchck32.exe"
|__ Value Added :
Registry Scanner = "%WINDIR%\system32\regscanr.exe"
|__ Value Added :
svch0st = "%windir%\system32\svch0st.exe"
|__ Value Added :
winn = "%windir%\system32\wink.exe"
|__ Value Added :
winupdate = "%windir%\system32\updt.exe"
Creates the following child process(s) on execution:

services.exe

%windir%\system32\svchost.exe -k netsvcs

Creates the Following MUTEX(s) on user's System:-
ral143ba53b
143ba53b::wk

NOTE:

1. %allusersprofile% Refers to the windows all users profile folder. By default it is 'C:\Documents and Settings\All Users'
2. %homepath% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
4. %workingdir% Refers to the current directory in which user is working.
5. %systemdrive% Refers to the windows System drive folder. By default it is 'C:\'
6. %temp% Refers to the windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
7. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.