Home > New Threats > Remove Vapsup – Overview and Removal Guide

Remove Vapsup – Overview and Removal Guide

July 6th, 2009
Goto comments Leave a comment

quick-look

Vapsup
Win32/Vapsup, FakeAlert-R.dll
 ★★★★★★★★★☆ 
Trojan
1. Records keystrokes and send the logs to a third party
  2. Masquerades as a legitimate program and hides itself from you as the user.
  3. Can change your PC’s security settings, allowing adware to be installed.
  4. Saps system function and stays resident in the background.

Click here for your removal guide.

overview-white

If you have found this site, it’s because your computer is probably infected with the Vapsup Trojan threat.

First things first, don’t panic!

Vapsup is one of the more prevalent malware threats on the Internet today and can have serious implications both for your PC’s security and your online life. Although dangerous, Vapsup is easily detected and removed using a legitimate anti-malware tool. Everything that you need to remove this threat can be found here: Automatic Malware Removal Guide.

What is Vapsup, and What Does It Do?

Vapsup falls into the Trojan category of the malware family. Trojans do a great job in pretending that they are legitimate programs and normally install themselves onto your computer by piggy-backing off the downloads of untrusted freeware or shareware programs. Trojans carry what are known as payloads – groups of malicious programs that install themselves onto your computer that serve unwanted ads right up to recruiting your PC as part of a botnet — allowing your PC to be controlled by a third party.

Vapsup has two major functions. Firstly, it installs an adware program that serves the user with unwanted popup ads or redirects requests to popular web pages to phishing sites or other sites of commercial nature. Secondly, it installs spyware onto your PC that records keystrokes and sends the file logs to an unknown recipient, somewhere on the Internet. If this sounds dangerous, it’s becasue it is! This type of malware is a major driver of online identity theft and can readily compromize your online security as well as your usernames, passwords and other personal information.

What Should You Do Now?

Vapsup is a dangerous malware threat and can have serious effects on your online and offline life – It is strongly recommended that you get rid of this Trojan immeditately.

Our easy to follow guide will take you through the steps that you’ll need to follow to permanently delete this threat from your computer.

Click here for your removal guide.

removal-options

Automatic Removal (Recommended)

Using a dedicated anti-malware tool is the quickest, easiest and most convenient way of removing this threat as well as the added benefit of protecting your computer from future infections.

Our simple six-step guide will have your computer back to you as good as new in less than ten minutes so you can spend less time worrying about malware and more time enjoying your PC and the Internet.

Click here for your removal guide.

 

related-articles4

Four Ways Trojans Work To Compromise Your Online Safety

 

threat-properties

Registry Keys Created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\Programmable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\TypeLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\FLAGS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\HELPDIR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41B2F79F-05DE-4D34-85C5-6040D42351C9

Registry Values Created

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\VersionIndependentProgID]
    • (Default) = “QXK.Olive”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\TypeLib]
    • (Default) = “{024793DD-3BF8-4364-B800-676427A8263E}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\ProgID]
    • (Default) = “QXK.Olive”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}\InprocServer32]
    • (Default) = “[file and pathname of the sample #1]“
    • ThreadingModel = “Apartment”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41B2F79F-05DE-4D34-85C5-6040D42351C9}]
    • (Default) = “QXK Olive”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\TypeLib]
    • (Default) = “{024793DD-3BF8-4364-B800-676427A8263E}”
    • Version = “1.0″
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\ProxyStubClsid32]
    • (Default) = “{00020424-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}\ProxyStubClsid]
    • (Default) = “{00020424-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{723C510E-A9D3-4F98-865D-2EFEE8093DE7}]
    • (Default) = “Iarmt”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\TypeLib]
    • (Default) = “{024793DD-3BF8-4364-B800-676427A8263E}”
    • Version = “1.0″
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\ProxyStubClsid32]
    • (Default) = “{00020420-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}\ProxyStubClsid]
    • (Default) = “{00020420-0000-0000-C000-000000000046}”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD955A9-816E-4C5F-964C-94B22EA7F0F1}]
    • (Default) = “_IarmtEvents”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\0\win32]
    • (Default) = “[file and pathname of the sample #1]“
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\HELPDIR]
    • (Default) = “”
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0\FLAGS]
    • (Default) = “0″
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{024793DD-3BF8-4364-B800-676427A8263E}\1.0]
    • (Default) = “armt TL”
  1. No comments yet.
Privacy Statement & General DisclaimerComputer Blogs - BlogCatalog Blog Directoryblogarama - the blog directoryBlog Directory