Your computer's memory Spyware lurking in your computer's memory can attack your computer or steal personal information. Internet Explorer Setting Modification Many viruses and spyware programs change Internet Explorer settings, including the home page, trusted Web sites, proxy server settings, and menu extensions. New Startup Program Malicious applications usually add or modify autostart entries in the Windows registry to automatically launch every time the computer starts. Hosts File Modification The Hosts file matches domain names with IP addresses. Many malicious programs modify the Hosts file so that the Web browser is redirected to infected, non-existent, or fake Web sites. New Internet Explorer Plugin Spyware programs often install unwanted Internet Explorer plugins, including toolbars and Browser Helper Objects. ActiveX and other downloaded software ActiveX controls and other programs that are downloaded and installed from the Internet are common sources of malware and spyware infection. Windows shell configuration settings Suspicious new Window shell execution hooks, open commands, shell extensions, and shell folder changes may indicate the presence of spyware. Such modifications can allow spyware to slow down or hijack Windows Explorer and keep track of the programs you use. New Service Windows services are processes that have special functions and typically run continuously in the background with full administrative access. Malicious programs sometimes install themselves as services to stay hidden. Security Policy Modification Modifications in Windows Security Policy can allow unwanted applications to run and change system settings. Layered Service Provider A Layered Service Provider (LSP) can manipulate inbound and outbound network traffic. Malicious programs can use LSPs to intercept network communication and gain network access. Shortcut Links File System Spyware may lurk on any disk, drive, or removable media attached to your computer. Registry Bad Internet Browser Cookies Add / Remove Programs Your computer's memory contains spyware that could try to steal personal information from you. Path: Filename: Your Internet Explorer Home Page Your Internet Explorer home page has changed to a web site different from what you had previously set. Unless removed, "Web browser hijackers" may repeatedly change your home page to another Web site. Value: Internet Explorer Home Page for this Computer Your Default Internet Explorer Home Page Default Internet Explorer Home Page for this Computer Your Internet Explorer Search Page The Search feature in Internet Explorer has changed. The correct page may no longer open when you click the Search button or type the address of a Web site in the address bar. Internet Explorer Search Page for this Computer Your Default Internet Explorer Search Page Default Internet Explorer Search Page for this Computer Your Internet Explorer Search Bar Internet Explorer Search Bar for this Computer Web Site Address of Your Internet Explorer Search Assistant Web Site Address of this Computer's Internet Explorer Search Assistant Your Customized Web Site Address for the Search Feature in Internet Explorer Customized Web Site Address for the Search Feature in this Computer's Internet Explorer Default Web Site Address for Your Internet Explorer Search Assistant Default Web Site Address of this Computer's Internet Explorer Search Assistant Web Site Address Key for Your Search Feature in Internet Explorer Web Site Address Key for Your Computer's Search Feature in Internet Explorer Default Web Site Address Prefix The default Web site address prefix has changed. Spyware may alter this setting to reroute all of your attempts to open Web sites, and hackers can use such changes run software on your computer. Web Site Address Prefix Default Web Site Address Prefix File Transfer Protocol (FTP) Web Site Address Prefix Default Gopher Web Site Address Prefix Home Page Address Prefix Mosaic Web Site Address Prefix "About" Protocol Handler Your "About" protocol handler has changed. By setting your home page to "about:blank," spyware can then deliver advertisements, pop-up messages, and more dangerous forms of spyware to your computer. Internet Explorer Home Page Changed The default home page for Internet Explorer specified in IERESET.INF has changed. Spyware can use the settings in this file to change your Web browser settings when you select "Reset Web Settings" in Internet Explorer. Internet Explorer Search Page The default search page for Internet Explorer specified in IERESET.INF has changed. Spyware can use the settings in this file to change your Web browser settings when you select "Reset Web Settings" in Internet Explorer. Your Style Sheet Your default Internet Explorer style sheet settings have changed. Spyware can make such changes to modify how Web pages look and behave when opened with Internet Explorer. Your Computer's Style Sheet Web Site Address of Your Internet Search Feature Local Page Web Site Address of the Search Feature in Your Internet Explorer Web Site Address of the Search Feature in Your Computer's Internet Explorer Your Internet Explorer Local Page Your Computer's Internet Explorer Local Page Proxy Server: The proxy server settings for Internet Explorer have changed. By modifying your proxy server settings, spyware can intercept, alter, or mask the contents of Web pages before you see them. Proxy server is currently enabled New "Safe" Web Site A new Web site now appears on Internet Explorer's list of safe web sites. Internet Explorer does not enforce any security restrictions when dealing with Web sites on this hidden list. Spyware may add untrustworthy Web sites to the list and then download dangerous software from those Web sites onto your computer. URL: New "Trusted" Web Site A new Web site now appears on your computer's local list of trusted Web sites. Internet Explorer enforces only minimal security restrictions when dealing with trusted Web sites to simplify tasks like downloading software. Spyware may add untrustworthy Web sites to the list and then download dangerous software from those Web sites onto your computer. URL: A new Web site now appears on Internet Explorer's list of trusted Web sites on your Local Intranet. Internet Explorer enforces only minimal security restrictions when dealing with trusted Web sites to simplify tasks like downloading software. Spyware may add untrustworthy Web sites to the list and then download dangerous software from those Web sites onto your computer. URL: A new Web site now appears on Internet Explorer's list of trusted Web sites. Internet Explorer enforces only minimal security restrictions when dealing with trusted Web sites to simplify tasks like downloading software. Spyware may add untrustworthy Web sites to the list and then download dangerous software from those Web sites onto your computer. URL: A new Web site now appears on your Internet list of trusted Web sites. Internet Explorer enforces only minimal security restrictions when dealing with trusted Web sites to simplify tasks like downloading software. Spyware may add untrustworthy Web sites to the list and then download dangerous software from those Web sites onto your computer. URL: A new Web site now appears on Internet Explorer's list of restricted Web sites. Internet Explorer enforces the strictest security restrictions on restricted Web sites, regarding them as untrustworthy by default. Spyware may add the Web sites of popular computer security companies to this list in an attempt to prevent you from downloading new security software that can stop dangerous spyware. URL: Context Menu Item: A new option now appears on the list that opens when you right-click a menu in Internet Explorer. If made without your consent, such changes may indicate the presence of spyware on your computer. Menu Option: URL: Security Setting: "Do not save encrypted pages to disk" DISABLED With this security restriction disabled, Internet Explorer can save encrypted Web pages on your computer. As a result, a hacker or spyware could save and then examine Web pages that you have opened through a seemingly secure connection (HTTPS). "Do not save encrypted pages to disk" DISABLED Security Setting: "Enable integrated Windows authentication" DISABLED An Internet Explorer security setting has changed. This new setting may allow spyware to circumvent your Web browser's security restrictions. "Enable integrated Windows authentication" DISABLED Security Setting: "Warn about invalid site certificates" DISABLED Trustworthy Web sites maintain valid site certificates to prevent other Web site from assuming their identity. Spyware often tries to infiltrate your computer from Web sites that lack valid site certificates. With this setting disabled, Internet Explorer will not issue a warning when you open a Web site lacking a valid site certificate. "Warn about invalid site certificates" DISABLED Security Setting: "Warn if submitted forms get redirected" DISABLED An Internet Explorer security setting has changed. As a result, you may not notice if spyware sends personal information you have submitted on a form to a Web site different from the intended destination. "Warn if submitted forms get redirected" DISABLED Security Setting: "Warn when changing between secure and not secure modes" DISABLED An Internet Explorer security setting has changed. As a result, you may not notice when spyware redirects you from a secure Web site (https) to an unsecured Web site (http). "Warn when changing between secure and not secure modes" DISABLED Security Setting: "Empty Temporary Internet Files folder when closing browser" DISABLED An Internet Explorer security setting has changed. This new setting may allow spyware to examine files you have opened and temporarily stored on your computer while browsing the Internet. "Empty Temporary Internet Files folder when closing browser" DISABLED Security Setting: "Enable Profile Assistant" DISABLED "Enable Profile Assistant" DISABLED Security Setting: "Allow software to run or install even with an invalid signature" ENABLED You should not install or run software without a valid digital signature because you have no way of knowing if you should trust the publisher of the software. An invalid signature often indicates that someone has tampered with legitimate software (often to incorporate dangerous features) or does not want to take responsibility for circulating spyware. With this setting disabled, Internet Explorer will not issue a warning when you attempt to install or run this kind of suspicious software. "Allow software to run or install even with an invalid signature" ENABLED Security Setting: "Check signatures of downloaded programs" DISABLED You should not install or run software without a valid digital signature because you have no way of knowing if you should trust the publisher of the software. An invalid signature often indicates that someone has tampered with legitimate software (often to incorporate dangerous features) or does not want to take responsibility for circulating spyware. With this setting disabled, Internet Explorer will not check if the software you download has a valid digital signature. "Check signatures of downloaded programs" DISABLED Security Setting: "Allow active content from CD-ROMs to run on my computer" ENABLED Active content refers to software written in the Java, JavaScript, or ActiveX programming language that runs automatically when opened with your Web browser. Spyware delivered as active content within files on a CD-ROM can harm your computer unless you disable this security setting. "Allow active content from CD-ROMs to run on my computer" ENABLED Security Setting: "Allow active content in files to run on my computer" ENABLED Active content refers to software written in the Java, JavaScript, or ActiveX programming language that run automatically when opened with your Web browser. Spyware delivered as active content within files can harm your computer unless you disable this security setting. "Allow active content in files to run on my computer" ENABLED Registry An new entry added to your computer's registry will load a suspicious program automatically the next time you start your computer. Registry Key: Registry Name: Program: Win.ini A change in your WIN.INI initialization file will make a suspicious program load automatically the next time you start your computer. File: Program: System.ini A change in your SYSTEM.INI initialization file will make a suspicious program load automatically the next time you start your computer. Startup Group A new shortcut added to the Startup group in your Start button menu will make a suspicious program load automatically the next time you start your computer. Shortcut: Program: Hosts File Changed Your Hosts file, which your computer uses to find Web sites on the Internet, contains a suspicious new entry. Web browser hijackers and some phishing fraud schemes can exploit your hosts file to feign the appearance of web sites you trust to collect your personal information. Host: IP Address: Comments: Internet Explorer Browser Helper Object (BHO) Internet Explorer has added a new Browser Helper Object. These miniature programs load automatically and normally deliver extra capabilities for the benefit of Internet Explorer, such as customizing menus or controlling Internet traffic. Some spyware can assume the role of a Browser Helper Object to monitor or manipulate which Web sites you open. Plug-in File: GUID: Internet Explorer Toolbar Internet Explorer has added a new toolbar. Dangerous spyware may lurk within a seemingly useful toolbar. Explorer Bar for Internet Explorer Internet Explorer has added a new Explorer bar. The Search Companion that opens alongside Internet Explorer when you click the Search button is an example of an Explorer bar. Dangerous spyware may lurk within a seemingly useful Explorer bar. Internet Explorer Web Site Search Hook Internet Explorer has added a new Web Site Search hook. Internet Explorer uses search hooks to translate unusual Web site addresses, and some spyware may use search hooks to open untrustworthy Web sites for you. You have downloaded and installed new software from a web site through Internet Explorer. This software permits the installation of still other software components with even more access to your computer without your approval (so-called "drive-by downloads"). Once enough downloaded components have accumulated on your computer, very dangerous software can start running without your permission. Description: Source URL: Component File(s): Windows Explorer Shell Execution Hook A Shell Execution Hook helps hackers keep track of what software you run. Description: Component File(s): Windows Explorer Shell Open Command A new "Windows shell open" option now appears on the list that opens when you right-click a menu in Windows Explorer. If made without your consent, such changes may indicate the presence of spyware on your computer. Menu Item: Component File(s): Windows Explorer Context Menu Handler A new "context menu handler" option now appears on the list that opens when you right-click a menu in Windows Explorer. If made without your consent, such changes may indicate the presence of spyware on your computer. Menu Item: Component File(s): GUID: Windows Explorer Approved Shell Extension Your computer has just installed a new "approved shell extension." Windows maintains a list of approved shell extensions to protect your computer from damage inflicted by malfunctioning software or software seeking to harm your computer. If made without your consent, such changes may indicate the presence of spyware on your computer. Description: Component File(s): GUID: Windows Explorer Shell Folder Setting The configuration of a Windows shell folder, which allows Windows to find program files and your personal folders, has changed. If made without your consent, such changes may indicate the presence of spyware on your computer. Description: Folder Location: New Windows Service Found Windows Service programs can run even when you have not logged in, often with administrative access to your computer. Spyware can use Windows Services to hijack your computer for illegal purposes. Display Name: Program: Windows Update Currently Disabled You must enable the Windows Update feature to get new downloads from the Microsoft Web site. Many of these downloads solve new security problems discovered in Windows and exploited by spyware and hackers. Windows Update Currently Disabled Windows Update Service Currently Disabled The Windows Update service automatically downloads and installs new improvements from the Microsoft Web site as they become available. Since many of these downloads solve new security problems discovered in Windows and exploited by spyware and hackers, you should keep the Windows Update service enabled at all times. Windows Update Service Currently Disabled Windows Restrictions on Run Settings Currently Disabled Windows allows you to restrict what software you can run from this computer. By enabling this feature, you can help prevent certain forms of spyware from harming your computer. Windows Restrictions on Run Settings Currently Disabled Registry Tool Restrictions You have configured but not activated restrictions on your registry tool. These settings determine if you can run REGEDIT and related Window operating system registry management software. Certain kinds of dangerous software disable REGEDIT so that you cannot undo changes made to the registry. General Subtype Policies General Subtype Policies "Do not allow anonymous enumeration of Security Accounts Manager (SAM) accounts and shares" DISABLED Your version of Microsoft Windows use a Security Account Manager (SAM) database to store login and security information for people using the computer. To prevent hackers or spyware from gaining access to the SAM database and harming your computer, you should keep this Windows feature enabled at all times. "Do not allow anonymous enumeration of Security Accounts Manager (SAM) accounts and shares" DISABLED "Let 'EVERYONE' permissions apply to anonymous users" ENABLED You should never give strangers access to your computer. Spyware and hackers can take advantage of the slightest opening to begin prying into the contents of your computer, so you should keep this Windows feature enabled at all times. "Let 'EVERYONE' permissions apply to anonymous users" ENABLED "Sharing and security model for local accounts" NOT SET TO MAKE "local users authenticate as guests" You should never give strangers access to your computer. If people connecting to your computer do not even need to identify themselves as guests, then you risk allowing spyware and hackers to examine the contents of your computer without your knowledge. You should make "local users authenticate as guests" at all times. "Sharing and security model for local accounts" NOT SET TO MAKE "local users authenticate as guests" "Restrict local accounts using blank passwords to console login only" DISABLED You should never give strangers access to your computer. By restricting what people can do with your computer without submitting a password (a "blank" password means no password at all), you can help prevent hackers and spyware from gaining a foothold on your computer that they may later exploit. You should "restrict local accounts using blank passwords to console login only" at all times. "Restrict local accounts using blank passwords to console login only" DISABLED "Do not require CTRL-ALT-DELETE to unlock" ENABLED Requiring everyone to press the Ctrl, Alt, and Delete keys on your keyboard simultaneously to unlock your computer prevents spyware and hackers from easily working on your computer without your knowledge. To help protect your computer, you should keep this feature disabled at all times. "Do not require CTRL-ALT-DELETE to unlock" ENABLED Your computer currently does not require Active Authentication to unlock the screen saver. The Active Authentication setting determines if you must submit your login name and password to unlock the screen saver. To help prevent spyware and hackers from gaining access to your computer in your absence, you should always require Active Authentication to unlock a password-protected screen saver. Your computer currently does not require Active Authentication to unlock the screen saver. This computer lets you log in automatically using a hard-coded, unencrypted password stored in the Windows registry. Spyware and hackers can find and use an unencrypted password stored in the Windows registry to open and examine the contents of your computer. To help protect your computer, you should either encrypt the password or disable this automatic login system. This computer lets you to log in automatically using a hard-coded, unencrypted password stored in the Windows registry. Layered Service Provider Warning Your computer's network configuration contains a new Layered Service Provider. Spyware can exploit Layered Service Providers (LSPs) to gain basic network access to your computer and enable unusual custom communication systems for nefarious purposes. Registry Name: File Location: File Name: (TBD) (TBD) File Location: Trackware This type of software secretly collects information about the Web sites you visit or how you use your computer, and then sends the results to other computers through the Internet. The recipients may use the information gathered for purposes as simple as marketing or as dangerous as identity theft. Please remove this software immediately to protect your privacy. Adware This type of software displays advertisements, and often comes packaged with software used for some other purpose, such as file sharing. "Free" software may include adware to generate revenue for the author and offset development costs. Unfortunately, some adware also secretly collects information about the Web sites you visit or how you use your computer, and then sends the results to other computers through the Internet. The recipients may use the information gathered for purposes as simple as marketing or as dangerous as identity theft. Please remove this software immediately to protect your privacy. Cookie Your Web browser automatically creates small files called "cookies" to keep track of information needed when visiting particular Web sites. Companies can secretly use these files to track how often you visit a particular Web site or gather other information about the Web sites you visit. To keep your online habits private, you can remove the cookies used by the most common advertising companies. Please do not remove cookies that help you easily log into the Web sites you frequently use. Cookies associated with unfamiliar web sites you should remove to help protect your privacy. Dialer This kind of software secretly configures Windows to start a dial-up network connection to a telephone number that charges you for the call. Because you may not notice your computer making the call or see the charge until receiving your telephone bill, the criminals responsible have time to escape before you can dispute the charge with your credit card or telephone company. Remove this dialer software immediately to prevent this form of crime. Security Weakness Your current security settings make your computer susceptible to attack by viruses, spyware, or hackers. Please change your security settings to correct this problem. General This suspicious new program or change to your settings has characteristics similar to known dangers, but does not precisely match a defined category or type. Although suspicious, this new software or change may serve a legitimate purpose. Please investigate further before taking steps to correct this possible problem. Keylogger This software allows other people to record which keys you press on your keyboard and the information that appears on your screen. Some varieties even secretly grant other people complete access to your computer through the Internet. Criminals use key loggers to steal your passwords, credit card or financial account numbers, and other sensitive private information. Remove this software immediately to prevent the theft of your personal information. Trojan Like the legendary Trojan horse used by ancient Greek warriors to slip inside the walls of Troy, Trojan horse programs seem harmless (or even useful) until opened. This software then secretly performs some nefarious task, like monitoring how you use your computer, stealing personal information from your hard drive, or even taking control your computer to attack others. Remove this Trojan horse program immediately to keep your computer and personal information safe. Suspect Although not definitively identified, this software has characteristics similar to those of dangerous known spyware. Although it resembles spyware, this software may serve a legitimate purpose. Please investigate this software further before deciding to remove it. Hijacker This kind of software changes your Web browser's current settings, such as the address of your home page, safeguards against unwanted Web browser cookies, or Web page content controls. Please remove this Web browser hijacker to help keep your computer and personal information safe. Parasite This kind of spyware hides itself within seemingly harmless software to get onto your computer without your informed consent for undisclosed purposes. Please remove this parasite software to help keep your computer free of unwanted programs and potentially dangerous spyware. Browser Helper Object These miniature programs load automatically and normally deliver extra capabilities for the benefit of Internet Explorer, such as customizing menus or controlling Internet traffic. Some spyware can assume the role of a Browser Helper Object to monitor or manipulate which Web sites you open. Unless legitimate software installed this browser helper object for a necessary purpose, you should remove this browser helper object. Layered Service Provider Your computer's network configuration contains a new Layered Service Provider. Spyware can exploit Layered Service Providers to gain basic network access to your computer and enable unusual custom communication systems for nefarious purposes. Unless legitimate software installed this new Layered Service Provider for a necessary purpose, you should remove this new Layered Service Provider. URL Shortcut This new shortcut to a Web address found in your Internet Browser or on your computer's desktop may have resulted from the installation of legitimate software or spyware. Please make sure that this shortcut does not serve a legitimate purpose before removing the shortcut. Peer To Peer This kind of software lets you easily exchange files with others through the Internet. Unfortunately, hackers can easily take advantage of this software to sneak spyware disguised as desirable software onto your computer. Please remove this peer-to-peer software to keep your computer and personal information safe. Worm Much like a computer virus, a computer worm clogs your computer with copies of itself. Unlike a virus, a worm does not depend on inserting these copies into another program or file, and worms need not wait for you to use an infected file to wreak havoc. Many worms also take advantage of networks to spread copies of themselves quickly onto many computers, overwhelming your network connection in the process. Please remove this computer worm to keep your computer and personal information safe. Downloader A software downloader coordinates the installation of software on your computer without your informed consent. Please remove this software downloader to help keep your computer free of unwanted programs and potentially dangerous spyware. Virus A computer virus is a kind of software that inserts copies of itself into other programs or files. Some viruses can slow down your computer by clogging your computer's memory and hard drive with copies of itself, while others may do something malicious (like crash your computer or erase your hard drive) at a preset time or under predetermined conditions. Please remove this virus to keep your computer and personal information safe. EULAWare This software comes with a suspicious End User License Agreement. Such a license agreement may permit updates to the software or license without notifying you, and may stipulate that you agree in advance to any future changes made, for example. Other untrustworthy license agreements may broadly permit the software to transmit any type of information to a server, and such data may include personal information about you. Please review the End User License Agreement (EULA) in detail if you wish to keep this software, or else remove the software from your computer. CWS Variant A particularly complex set of Browser hijacker variants that require innovative detect and remove techniques We strongly recommend that you remove this item as it is part of an application that could seriously damage your system or threaten your privacy Security Weakness Your current security software settings make your computer susceptible to attack by spyware or hackers. Please change your security settings to correct this problem. Security Weakness Your current security software settings make your computer very susceptible to attack by spyware or hackers. Please change your security settings to correct this problem immediately.