Hi, *Affect OS:* Windows NT4, 2000, XP, 2003 *Attack From:* Remote *Impact:* Gain System Privileges *Type:*Adware <http://www.spywareguide.com/category_show.php?id=5> Program that delivers advertisements on your PC.
Note that many websites have their own advertising, unrelated to adware. Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only. Users should check the EULA and Privacy policy to ensure if the adware on their machines conforms to their standards. *Description:* CashDeluxe is a Trojan that runs in the background, falsely alerting the user that the computer is infected with spyware. This trojan will then advise the user to download an affiliated rogue Anti-Spyware product. Other acivities that this Trojan will carry out include downloading and installing other malicious files. *Solution:* Remove CashDeluxe: 1. Click "Start", "Run" then type in "regedit.exe" and hit enter. 2. Locate the following registry key and delete it: *Hive: *HKEY_LOCAL_MACHINE *Path: *SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\ *Key: *DeluxeNetwork 3. Reboot your system. 4. Locate and delete: %SystemRoot%\system32\cuid32.bin %SystemRoot%\system32\updf1.dll *Disclaimer:* The information in the database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. *Comment*: This adware program is often times installed with other trojans. The major threat this infection poses rests in the Browser Helper Objects section in the registry. These values point to winapi32.dll which lies in the system32 folder -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
