Scan Spyware on Twitter
Saturday, March 25, 2017

Bookmark and Share



affilred


        Download

Type: browser hijacer, adware

Alias: adware.affilred

Description: Affilred is a browser hijacker adware that blocks access to numerous web sites and redirects a web browser to predefined Internet resources. It automatically runs on every Windows startup. Affilred creates lots of files in different locations, so it is quite difficult to get rid of.

affilred

Warning: A spy-ware removal software uses certain rules for detection and removal of spy-ware, malware, ad-ware and trojan from your PC. ScanSpyware.Net provides this information "AS IS" without warranty of any kind. Your use of this information is at your own risk. We strictly restrict you from using this information if you are not sure about what you are doing.


Recommendation 1: We recommend you to take a backup of Windows Registry before following these manual spyware removal instructions to fix your PC. You can do this by either creating a Restore Point using System Restore Utility in Windows System Tools or using the Export feature of regedit.exe.


Recommendation 2: By trying to remove spy-ware from your PC without getting any help from an expert may produce unexpected results. In case you suspect that your PC is infected with some spy-ware, ad-ware, malware or virus, just follow the instructions available at http://how-to.scanspyware.net/diagnose-and-fix.html to contact us for abolutely FREE help.


Files

  • C:\Windows\System32\axe.exe
  • C:\Windows\1903cr.exe
  • C:\Windows\mshotfix.exe
  • C:\Windows\msupdate.exe
  • C:\Windows\twain_32.exe
  • C:\Windows\System32\wsman32.exe
  • C:\cab.exe
  • C:\Windows\System32\comnt32.dll
  • C:\exec.exe
  • C:\Windows\System32\iprotect.exe
  • C:\Windows\System32\security32.exe
  • C:\spooler.exe
  • C:\registry.pif
  • C:\winsecure.exe
  • C:\Windows\System32\memorymanager.pif
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\default.scr
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\usbwin32.exe
  • C:\criticalupdate.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\highspeed-cable.exe
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\kgjwc.exe

Registry Keys

  • HKEY_CLASSES_ROOT\CLSID\{1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{77566C2A-2987-44BC-AC81-A02D19EE271B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C0DADD7E-D3F1-430D-B735-39DC6033592C}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ASecurity32
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ASecurity32
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASecurity32
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASecurity32
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASecurity32
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASecurity32

Registry Values

  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RegistryMonitor
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Cab Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Security Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Security Update
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Security Hot Fix Update
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Security Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Security Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS_Critical_Update

Registry Data

  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\LOAD, (REG_SZ:Memory Manager), (REG_SZ:)

Clsids

  • {1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3}