Troj/Small-AP

Category:	Viruses and Spyware
Type:	Trojan
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Aliases

TrojanClicker.Win32.Small.aj

Characteristics

Reduces system security

Affected Operating Systems

Recovery Instructions:

Please follow the instructions for removing Trojans.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_CURRENT_USER entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\
Trust Providers\Software Publishing\Trust Database\0\
ppcimdnnnjbeahepfabjipfginloedkg egckak = "CDT inc."

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\
Trust Providers\Software Publishing\Trust Database\0\
goicfboogidikkejccmclpieicihhlpo ejemdn = "MediaTickets"

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\
Trust Providers\Software Publishing\Trust Database\0\
goicfboogidikkejccmclpieicihhlpo bihgbp = "Integrated Search Technologies"

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
MinLevel = "Code Download"

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Security_RunActiveXControls = dword:01000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Security_RunScripts = dword:01000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Safety Warning Level = "SucceedSilent"

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\blazefind.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\clickspring.net\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\flingstone.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\mt-download.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\my-internet.info\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\searchbarcash.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\searchmeup.cc\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\searchmiracle.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\skoobidoo.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\slotch.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\xxxtoolbar.com\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Ranges\Range1\* = dword:00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Ranges\Range1\:Range = "69.31.87.223"

and delete them if they exist.

Locate the following HKEY_CURRENT_USER entries and modify as indicated:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Trust Warning Level = "No Security"

right-click it and select 'Modify'. Replace "No Security" with "Medium" or "High". Click OK.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
1004 = dword:00000000

right-click it and select 'Modify'. Replace "0" with "1". Click OK.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
1201 = dword:00000000

right-click it and select 'Modify'. Replace "0" with "1". Click OK.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
1C00 = dword:00000300

right-click it and select 'Modify'. Replace "300" with "30000". Click OK.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
CurrentLevel = dword:00010000

right-click it and select 'Modify'. Replace "10000" with "0". Click OK.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
Flags = dword:0000009b

right-click it and select 'Modify'. Replace the current entry with with "47". Click OK.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
ZoneMap\Domains\blazefind.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\clickspring.net\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\flingstone.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\mt-download.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\my-internet.info\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\searchbarcash.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\searchmeup.cc\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\searchmiracle.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\skoobidoo.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\slotch.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Domains\xxxtoolbar.com\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Ranges\Range1\* = dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ ZoneMap\Ranges\Range1\:Range = "69.31.87.223"

and delete them if they exist.

Locate the HKEY_USER entries:

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
MinLevel = "Code Download"

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Security_RunActiveXControls = dword:01000000

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Security_RunScripts = dword:01000000

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Safety Warning Level = "SucceedSilent"

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
Trust Warning Level = "No Security"

and delete them if they exist.

Close the registry editor.

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Small-AP

Aliases

Characteristics

Affected Operating Systems

Recovery Instructions:

Free Mac Anti-Virus

Popular topics