Virus WebHancer / TrojanDownloader.XS / Downloader.MisleadApp


[Updated on: 08/07/08 18:45 PM ]

It turns out the WebHancer virus goes by a lot of names; according to 4 antivirus programs they are: TrojanDownloader.XS / Downloader.MisleadApp / Trojan Horse Downloader.Generic7.TOM / Trojan Horse Downloader.Generic7.SFR / Trojan Horse Downloader.Generic7.TFC / CoolWWWSearch / CoolWebSearch

On Thursday, 26 June 2008, I woke up early, at around 8 (that is already early for me, since I usually wake up at 10. Hehehe) because I wanted to play a game. After that I went straight to shower and so on, and at around 9.24 I turned on the computer. The first thing that came up when I reached the desktop was a SpyBots alert saying something was adding to Regedit. I was confused about what was going on, since I had only just started the computer, so I let it go. After that it popped up again saying something wanted to add a StartUp entry, and I immediately chose deny change; no way should a program ask to add a StartUp entry right after boot has just finished, that is weird. Then it popped up again, something wanted to add to Regedit, and I saw in the system tray that there was a Windows Update, so I let it go again. Then it turned out it was saying something wanted to add a StartUp entry from “C:\Program Files\webHancer\Programs”. I immediately denied that change, went straight to that path and scanned it with Norton, and sure enough it was a virus…
After that there was an alert from Windows Security Center.
Once I started to distrust my internet connection I immediately disconnected from the internet, because this was spyware. Not long afterwards the spyware became active and changed my background.
And I could no longer open my Task Manager. I immediately looked at my StartUp items. Unchecked it.
I immediately scanned with SpyBots, but strangely, after the scan finished and I chose fix selected problems, it stayed the same, i.e. the spyware was still there.
The worst part: I saw in Norton's History that it had only learned about this virus the day before. Sigh.
That night my dad told me to use AVG Free Anti-Spyware. At first I refused, because back when I used an old version of AVG my computer did not have enough RAM, so it kept rebooting. hehehe. It turns out this new version can run alongside Norton, so the next morning I scanned with AVG and, crazy, it found a huge number of Regedit entries.
After that I installed Comodo Firewall because it is very useful at times like this (although really it was already too late), and I looked through the contents of “C:\Windows” with View Details and Arrange Icons By set to Modified so I could spot anything odd, and I found a lot of files, namely:
C:\WINDOWS\qttasks.exe –> Still in doubt, because this is a QuickTime file
and all of them were from the same time; the picture below was taken on 06/07/08, and I had already put them all into 1 folder so they would not run again in “C:\Windows”
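
The manual check described above (sorting C:\Windows by modified date and noticing that the odd files share one timestamp) can be automated. The following is an added example, not code from the original post; the function names, the 120-second window, the five-file threshold and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Assumption: file types treated as "can run or be loaded" for this triage.
EXEC_EXTS = {".exe", ".dll", ".ocx", ".vbe", ".hta", ".scr"}


def list_files(directory):
    """Return (name, mtime) for regular files directly inside directory."""
    found = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False):
                stat = entry.stat(follow_symlinks=False)
                found.append((entry.name, stat.st_mtime))
    return found


def cluster_by_mtime(files, window_seconds=120):
    """Chain files into clusters: a new cluster starts whenever the gap to
    the previously modified file exceeds window_seconds."""
    clusters, current = [], []
    for name, mtime in sorted(files, key=lambda item: item[1]):
        if current and mtime - current[-1][1] > window_seconds:
            clusters.append(current)
            current = []
        current.append((name, mtime))
    if current:
        clusters.append(current)
    return clusters


def suspicious_clusters(files, window_seconds=120, min_exec=5):
    """Return clusters holding at least min_exec executable-type files.

    A hit is a lead, not a verdict: installers and updates also write many
    files at once (the post itself doubts one QuickTime file), and
    modification times can be forged, so confirm each file with a scanner.
    """
    hits = []
    for cluster in cluster_by_mtime(files, window_seconds):
        execs = [name for name, _ in cluster
                 if os.path.splitext(name)[1].lower() in EXEC_EXTS]
        if len(execs) >= min_exec:
            hits.append({
                "start": cluster[0][1],
                "end": cluster[-1][1],
                "exec_count": len(execs),
                "files": sorted(name for name, _ in cluster),
            })
    return hits


def make_demo_dir(path, drop_time=1214438400.0):
    """Constructed sample: two old files plus six files written 10 s apart."""
    old = {"readme.txt": drop_time - 90 * 86400,
           "setup.exe": drop_time - 30 * 86400}
    exts = [".exe", ".exe", ".dll", ".dll", ".exe", ".vbe"]
    dropped = {f"sample{i}{ext}": drop_time + 10 * i
               for i, ext in enumerate(exts)}
    for name, mtime in {**old, **dropped}.items():
        full = os.path.join(path, name)
        with open(full, "wb") as handle:
            handle.write(b"constructed sample\n")
        os.utime(full, (mtime, mtime))  # set access and modification time


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_demo_dir(demo)
        for hit in suspicious_clusters(list_files(demo)):
            start = datetime.fromtimestamp(hit["start"], timezone.utc)
            span = hit["end"] - hit["start"]
            print(f"{hit['exec_count']} executable-type files modified "
                  f"within {span:.0f}s from {start:%Y-%m-%d %H:%M} UTC:")
            for name in hit["files"]:
                print("   ", name)
```

On a real system, pass the directory to inspect to `list_files` and move flagged files to a quarantine folder only after a scanner confirms them.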

But the data I got was all correct, those really were the virus's files too, and 444.471 has been confirmed by Comodo Firewall, because when I rebooted, that file turned out to ask to connect to the internet, and it was recognized yesterday by Norton.

Here is the data from my AV:

From SpyBots:

Virus descriptions from SpyBots:

Company:
Product: ClientMan
Threat: Malware/Possibly spyware
Functionality
Unknown
Description
Unknown how it gets onto a computer, or what the exact damage it does is, but it is surely bad, as it automatically forces ZoneAlarm to accept its connect, without giving the user a choice.

Company:
Product: CoolWWWSearch
Threat: Hijacker
Description
This piece of malware hijacks the IE start page and redirects to its own sites. This will then lead to a malicious web search page causing popup windows while using IE. The sites may also advertise trojans and/or install them directly without user consent.

Company: CoolWWWSearch
Product: CoolWWWSearch.008k
Threat: Hijacker
Company privacy URL:
_none_
Functionality
not stated
Description
gets installed through security holes and trojans
hooks up to IE and Explorer
also helps other trojans and hijackers to get onto the system
Privacy Statement
None

Product: CoolWWWSearch.Aff.Winshow

Product: CoolWWWSearch.BlowSearch

Product: CoolWWWSearch.BootConf

Company:
Product: Smitfraud-C.
Threat:
Description
This program installs itself through the internet and creates new desktop wallpaper. This wallpaper looks like a Windows 98 blue screen and contains a warning that the computer is infected with viruses, that one should download and run a virus scanner and that the computer wouldn’t work in normal mode. In addition to this one gets a desktop icon leading to a pretended anti virus application named PSGuard. Scanning the computer with this software will return a virus found (that was installed by this software itself). In order to remove this virus one has to download the full version for about 20 EUR.
Another unpleasant effect of Smitfraud-C. is that some configuration options in the Control Panel will no longer be available. This way it stops the user from changing the wallpaper and forces him to keep the blue screen. Overall Smitfraud-C is a very sneaky software trying to sell PSGuard by frightening less experienced users.

Company:
Product: CoolWWWSearch.Dreplace
Threat: Hijacker
Description
Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects its searches and/or homepage to CoolWWWSearch websites, which harbor other malware or fraudware.

Company:
Product: CoolWWWSearch.GonnaSearch
Threat: Trojan
Functionality
supposed to be a browser helper object with search functions for the Internet Explorer
Description
This trojan horse gets installed in background, it runs in various deceptive forms in background, allows other malware and trojans to enter the computer and promotes malicious security software.

Company:
Product: CoolWWWSearch.Leftovers
Threat: Hijacker
Description
Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects its searches and/or homepage to CoolWWWSearch websites, which harbor other malware or fraudware. ToolbarCC appears to be a part of this hijacker.

Company:
Product: CoolWWWSearch.SmartSearch
Threat: Hijacker
Company URL:
_xxx.magicsearch.XX_
Company product URL:
_xxx.magicsearch.XX_
Description
It redirects your Internet Explorer start page and search page, to XXX.magicsearch.Xx and tries to download files from the internet. Autorun entries are created to load the downloaded files on every Windows start.

Product: CoolWWWSearch.Svcinit

Company: CoolWWWSearch
Product: CoolWWWSearch.WCADW
Threat: Hijacker
Company privacy URL:
_none_
Functionality
not stated
Description
Browserhijacker that redirects the browser and adds its own bookmarks to the IE favorites
gets installed through trojans, also helps in installation of more trojans
Privacy Statement
None

Company:
Product: CoolWWWSearch.WinRes
Threat: Hijacker
Description
Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects its searches and/or homepage to CoolWWWSearch websites, which harbor other malware or fraudware.

Product: CoolWWWSearch.WinSearch

Product: CoolWWWSearch.Yexe

Company:
Product: Microsoft.WindowsSecurityCenter.TaskManager
Threat: Security
Functionality
The Windows Taskmanager can be disabled through policy settings by administrators.
Description
This will be shown if someone disabled your Taskmanager. In an office or educational environment the system administrator may have done this. In a private environment this is either done by yourself or malicious software. Please check if these settings are actually wanted.

Company:
Product: WindowsSecurityCenter_disabled
Threat: Security
Functionality
if the Windows Security Center is disabled this entry will be shown
Description
Malware can disable the Windows Security Center to make your System more vulnerable.
If you have another security software suite installed, this may also deactivate the Windows Security Center to avoid double warning messages.

Company:
Product: Smitfraud-C.gp
Threat: Malware
Description
Smitfraud-C.gp is a collection of Smitfraud-C. variants. These variants usually get installed by exploits, social engineering or bundled with other malware. They also download other malware and trojan horses. Symptoms include unknown browser helper objects, fake security messages, fake security software, pop up advertising, browser redirects or hijacking.

Product: ToolBarCC

Company:
Product: Smitfraud-C.generic
Threat: Trojan
Description
Smitfraud-C.generic is a collection of generic rules for the detection of Smitfraud-C. which installs itself without user consent, fakes legit software, downloads and installs additional malware and/or trojan horses.

Company:
Product: Win32.Small.ny
Threat: Trojan
Description
Win32.Small.ny disguises itself as IEXPLORER.EXE in the Windows directory. It connects to a Russian server and runs in background without user consent. May be used to establish a botnet.

From AVG:
"Scan ""Scan whole computer"" was finished."
"Infections found:";"6"
"Infected objects removed or healed";"6"
"Not removed or healed.";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"31"
"Information count:";"0"
"Scan started:";"Friday, June 27, 2008, 6:51:58 AM"
"Total object scanned:";"0"
"Time needed:"
"Errors encountered:";"0"

"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\iftuyszv.exe";"Trojan horse Downloader.Generic7.TOM";"Moved to Virus Vault"
"C:\WINDOWS\system32\iftuyszv.exe (1700)";"Trojan horse Downloader.Generic7.TOM";"Reboot is required to finish the action"
"C:\Documents and Settings\user\Local Settings\Temp\snpp.exe:\$CF\netrax06\netrax061083.exe";"Trojan horse Downloader.Generic7.SFR";"Moved to Virus Vault"
"C:\Documents and Settings\user\Local Settings\Temp\snpp.exe";"Trojan horse Downloader.Generic7.SFR";"Moved to Virus Vault"
"C:\Documents and Settings\user\runUpdater.exe";"Trojan horse Downloader.Generic7.TFC";"Moved to Virus Vault"
"C:\WINDOWS\lfn.exe";"Trojan horse Downloader.Generic7.TOM";"Moved to Virus Vault"


"C:\WINDOWS\portsv.exe";"Trojan horse Agent.XHW";"Moved to Virus Vault"
"C:\WINDOWS\portsv.exe (2880)";"Trojan horse Agent.XHW";""

From a-squared HiJackFree:
Value: HKEY_USERS\S-1-5-21-861567501-1770027372-1801674531-1003\Software\SWEETIE\Toolbar –> urlAfterUninstall detected: Trace.Registry.SweetIMBarForIE
Value: HKEY_USERS\S-1-5-21-861567501-1770027372-1801674531-1003\Software\SWEETIE\Toolbar –> urlAfterUpdate detected: Trace.Registry.SweetIMBarForIE
Value: HKEY_USERS\S-1-5-21-861567501-1770027372-1801674531-1003\Software\SWEETIE\Toolbar –> UserAgent detected: Trace.Registry.SweetIMBarForIE
Value: HKEY_USERS\S-1-5-21-861567501-1770027372-1801674531-1003\Software\SWEETIE\Toolbar –> versionError detected: Trace.Registry.SweetIMBarForIE
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar –> {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} detected: Trace.Registry.SweetIMBarForIE
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt detected: Trace.TrackingCookie

Read the information in the SpyBots article
Read this advice about viruses

6 Responses to Virus WebHancer / TrojanDownloader.XS / Downloader.MisleadApp

  1. W-cH's says:

    It seems that in this article you are posting about many viruses.

    Well.. it would be better to separate them.

    Just as a note, the fake Windows Security Center is not part of webhancer's payload.

    webhancer is supposed to work silently

    if you need a remover, this is the remover's website, the original from webhancer:
    http://www.webhancer.com then look at the removal section
    attention for users of win nt and 2000. you had better look for another alternative

    if you want to install it, that is up to you. you just click download on that website :-D. The software package includes webhancer and an internet speed meter + statistics.

    webhancer is actually used to collect information about your browsing activity, including:
    -how long it takes you to connect to the website
    -how many times you fail and succeed in connecting
    -where you go before and after viewing the website
    -it may record what items are bought through online shopping
    -and others, like a spy program

    this program can be distributed by being bundled with other programs.
    but when webhancer is about to install itself, the user will be notified.
    according to its website's claim.

    Thank you.

    Albertus ChW : “It seems that in this article you are posting about many viruses.” but to SpyBots that webhancer is coolwebsearch, and SpyBots says it downloads other trojans, so to me that is 1 team. “www.webhancer.com” Mr. Yahoo says there is a download danger there. “but when webhancer is about to install itself, the user will be notified.” How could that be, I had only just turned on the computer and the internet and got hit right away. Thank you too for the data

    W-cH’s : “but when webhancer is about to install itself, the user will be notified.” How could that be, I had only just turned on the computer and the internet and got hit right away.
    ==> Attention, that is according to its website.
    it may have been possible to install it because there was a trojan downloader

    Albertus ChW : “==> Attention, that is according to its website.
    it may have been possible to install it because there was a trojan downloader” Note, but to SpyBots that webhancer is coolwebsearch, and SpyBots says it downloads other trojans, so to me that is 1 team.

  2. AlexM says:

    Your blog is interesting!

    Keep up the good work!

    Albertus ChW : Thanks 4 coming n ur praise

  3. Elisha Broks says:

    This post gave us an important Brainstorm session of all the probabilities we can make use of on our blog.

  4. dafil says:

    try using iobit360, go ahead… it will definitely be detected.
