10.01.20 12:42 pm

Trojan.Mayachok 1

Hello, friends. Yesterday I ran into a problem: I wanted to download the 1.07 patch for Diablo (nostalgia :3), downloaded it, tried it out, and everything started shutting down and the computer rebooted. When you turn the computer on, all programs load slowly, the browser works extremely slowly, constantly freezes, and almost not a single site works. I immediately went to the Dr.Web website and downloaded CureIt, ran a quick scan, and CureIt found Trojan.Mayachok.1 in the system32 processes and removed it. It seemed everything was fine, the browser was just slow. But today it all started again: sites don't work, and from working sites it sends me straight to some internet.com, where it reports something about low Internet responsiveness; at the top it shows my IP address and provider, and the following is written:
"Enable proxy servers with them, the Internet speed will become several times higher, and everything like that."
The site asks you to activate proxy servers by sending a phone number and then receiving an SMS with a confirmation code (another scam). I ran CureIt again and it found this damn Trojan.Mayachok.1 again, and again it was deactivated, but this time nothing changed: nothing works, not PG, not Yandex, almost not a single website! Only one browser saves me, but sitting in it is very uncomfortable. If anyone has encountered this virus, tell us how you killed it, I would be very grateful. By the way, what else does it do besides getting on my nerves with its proxy servers?
3 Comments
STALKER OF FREEDOM 10.01.20

Try to clean the file in the folder Windows->system32->drivers->etc->hosts
Although it's unlikely to help, try reinstalling the browser, completely removing it first; in short, that's the best I can suggest...
Dig deeper into the registry.
If you don't find anything, reinstall Windows; my problems get solved without any anti-virus.

And "Enable proxy servers with them, the Internet speed will become several times higher, and everything like that" is generally nonsense: proxy servers can slow down the Internet, but not speed it up.

Guest 10.01.20

STALKER OF FREEDOM
Now I'm scanning the computer with AVZ, hopefully it will help; sitting in the browser is impossible, it lags, really, and downloading anything is impossible.
"it is generally nonsense: proxy servers can slow down the Internet, but not speed it up."
I think so too; how much of an idiot do you have to be to write that and not realize that they slow down the Internet speed, and also that you can enable them for free in the browser settings; by the way, it also says there that their proxy costs 10 rubles a day x). By the way, I googled and found that the Mayachok 1 Trojan steals money from wallets; if on the current Windows I never went into my wallet and just typed in its number and password, can it steal my pennies? (well, not pennies... 5 rubles at most is lying there :D and maybe more, I'll look at the dollar one, say. Looked at everything. I have 12 rubles 85 kopecks in the account :3)
By the way, I wanted to download the Kaspersky antivirus tool - Kaspersky Removal Tool (sorry that it's in Russian, the language input only switches through the chat). But even the Kaspersky website doesn't load. IE also can't get to a single site. Downloaded Firefox (surprisingly, the page load somehow worked), but instead of pages Firefox displays their source code. Chrome doesn't load a single page, not even the visual tab or Google :D
By the way, STALKER OF FREEDOM, I wanted to ask, have you ever seen Mayachok 1?
And finally, I read somewhere (on the PG blogs) that this virus has infected more than 20 thousand sites on the Internet, and usually sneaks onto the PC in the form of a driver for your video card or webcam, but to me it came in the form of a patch, in the most unexpected form, so to say :(
edit. More googling; looks like you were right, it can be removed by digging in the registry.
Here is the removal method; I haven't checked it yet, it's late. All the information about it is there.
Trojan.Mayachok.1 - What is it and how to deal with it?
Manual removal Trojan.Mayachok.1

trojan.win32.ddox.ci aka trojan.mayachok.1, trojan.mayachok.550, trojan.win32.cidox, trojan.win32.zapchast.feh, trojan:Win32/Vundo.OD, trojan.Win32.Mondere; removing trojan.Generic.KDV.169924

A trojan.mayachok.550 variant has been found. The removal principle is the same.

What is Trojan.Mayachok.1 (aka trojan.win32.ddox.ci, trojan.win32.cidox, trojan.win32.zapchast.feh, trojan:Win32/Vundo.OD, trojan.Win32.Mondere, trojan.Generic.KDV.169924)? The description from the Dr.Web resource is:

Quote
A Trojan that steals money from the accounts of mobile operators' customers by prompting users to reply to an incoming SMS message.


Trojan.Mayachok.1 is a .dll file (dynamic-link library) that, once installed, is loaded into the address space of all running processes (the installation ends with a forced reboot), so when you scan the system with an antivirus in normal mode the Trojan is often seen by the user as sitting in various files and moving from one file to another. It may seem that Trojan.Mayachok.1 infects files, but actually it does not.

What happens after infection? Dr.Web describes the malware's behaviour in sufficient detail, so I won't repeat it; from myself I will only add that the victim often faces the following problems:

// Substitution of requested pages with internet.com, "Rostelecom channel overloaded", "Confirm the identity of the account" and the like;

// Complete inability to get online with any browser, or, instead of the normal site loading, the page's source code appears;

// Various programs are blocked from running in normal mode; in safe mode they usually work.

So we have found out that we have Trojan.Mayachok.1. How to treat it? There is no need to download a large variety of antivirus programs and spend hours scanning in the hope that one of them will help; neither one nor the other. It can happen, but in many cases the Trojan, although detected by the antivirus, turns out to be beyond its ability to handle, and on the next scans we see it again and again. Don't despair, it is actually all very simple:

1. Open the registry editor: press Start => Run, enter the command regedit, press Enter. Then find the branch:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
parameter AppInit_DLLs

Look at the value of this parameter. If you see an entry similar to this:
AppInit_DLLs = C:\windows\system32\tvhihgf.dll

(instead of tvhihgf.dll the file name can consist of any other seven Latin characters), delete it (make a note of the file name so that it is easy to find afterwards). Leave the AppInit_DLLs parameter itself; remove only its value.

Incorrect actions when editing the registry may severely damage your system!




2. Reboot. This is mandatory!

3. Find this file on the disk and delete it too. This is our Trojan.Mayachok.1.

4. Find and delete the files with the extension .tmp created at the same time as tvhihgf.dll or later (look at the date) in the directories C:\windows\system32 and C:\windows\SYSWOW64 (on 64-bit systems). These are the backup of Trojan.Mayachok.1.

5. Reboot again and enjoy unhindered access to your favourite sites.

Attention! Before you delete any entry in AppInit_DLLs, be sure to Google it, because a legitimate program may also have written to this parameter. If AppInit_DLLs lists several files, look up information on each one and remove only the Trojan's.


For users of x64 systems:

The Trojan is in the directory C:\windows\SYSWOW64

The registry editor responsible for 32-bit components on 64-bit systems is located in the directory C:\windows\SysWOW64.
To run it through the Start - Run menu you need to specify the full path:
%SystemRoot%\SysWOW64\regedit.exe

By default on x64 systems the editor is started from the directory C:\windows and is responsible for the 64-bit components. It also has a 32-bit section, HKLM\SOFTWARE\Wow6432Node, that is, you also need to check the branch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

*********************************************************************************************
Frequently asked questions

I removed the key from the registry, but did not remember or write down the name of the Trojan file. How do I find it now?

Using Windows search, locate all files with the extension .dll created on the date of infection in the folders %windir%\system32 and %windir%\SYSWOW64. Trojan.Mayachok.1 has a name consisting of seven lowercase Latin letters and a size of 42 to 56 KB. Check all suspicious files with the virustotal.com service. The Trojan file will be detected by antiviruses. Also, when you search Google for the name of the Trojan's .dll there will be no matches (rarely 1-2 matches, and usually in threads where Trojan.Mayachok.1 is mentioned).

The temporary files can be deleted with the command (paste it into a command prompt):
del %windir%\system32\*.tmp /q

and press Enter.

For 64-bit systems:
del %windir%\syswow64\*.tmp /q


How to use windows search?

In the folder menu select View - Explorer - Search, or press F3 or Ctrl+E.

I deleted the whole AppInit_DLLs registry key by mistake. What happens now?

System performance is not affected. If, in addition to the Trojan's entry, this parameter held other entries, such as those of legitimate software, their functionality may be broken, so such programs should be reinstalled. Usually it is enough to select the repair option during installation.

When I try to make changes to the registry I get the message "Access denied"

First of all, make sure that you are working under an administrator account (perform the actions as administrator). Select the registry subkey that you want to change. From the context menu or the Edit menu, select Permissions. Click Advanced, then the Owner tab. Assign yourself as the new owner. On the Security tab the owner must be granted the right "Full Control".

Answers to further questions will be added as needed; ask them in this thread.
*********************************************************************************************

If you find it hard to work it out yourself, visit one of these online resources providing free online antivirus help, which the author considers trustworthy. The author has no relation to these resources.

edit (11.02.12|11:33): Guys, the method really works, I finally got online with my favourite Opera. By the way, in my case the virus file was named pavwgoa.dll
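As an added, read-only audit example (this is not the removal guide's or any forum member's own script), the checks from the pasted guide and its FAQ can be scripted in PowerShell: it prints the AppInit_DLLs value from both the native hive and the Wow6432Node branch, lists DLLs in System32 and SysWOW64 that match the guide's seven-lowercase-letter, 42-56 KB heuristic together with their Authenticode signature status, and lists the .tmp files the guide calls the Trojan's backup. The LoadAppInit_DLLs value it also prints is not mentioned on the page; it is the switch, present since Windows Vista, that controls whether the loader honours AppInit_DLLs at all. Nothing is deleted; the output is meant to be checked against VirusTotal and a web search, as the FAQ suggests, before any removal.

```powershell
# Added audit script (not from the forum post). Read-only: it reports
# AppInit_DLLs persistence candidates and never deletes anything.
# Assumption: run from an elevated PowerShell prompt on the affected machine.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

Write-Host "== AppInit_DLLs values =="
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $value = $props.AppInit_DLLs
    $load  = $props.LoadAppInit_DLLs   # 1 = loader honours AppInit_DLLs (Vista and later); not on the page
    Write-Host $key
    Write-Host "  AppInit_DLLs     = '$value'"
    Write-Host "  LoadAppInit_DLLs = $load"
    if ([string]::IsNullOrWhiteSpace($value)) { continue }
    # The value may hold several paths separated by spaces or commas.
    foreach ($dll in ($value -split '[ ,]+' | Where-Object { $_ })) {
        $size = if (Test-Path $dll) { (Get-Item $dll).Length } else { 'missing' }
        Write-Host "    -> $dll (size: $size)"
    }
}

Write-Host "`n== DLLs matching the guide's naming/size heuristic (7 lowercase letters, 42-56 KB) =="
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64") | Where-Object { Test-Path $_ }
$candidates = Get-ChildItem -Path $dirs -Filter *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -cmatch '^[a-z]{7}\.dll$' -and $_.Length -ge 42KB -and $_.Length -le 56KB }
foreach ($c in $candidates) {
    # A valid Microsoft signature makes a hit far less interesting; print it to help triage.
    $sig = Get-AuthenticodeSignature -FilePath $c.FullName
    Write-Host ("  {0}  {1,6} bytes  created {2:u}  signature={3}" -f $c.FullName, $c.Length, $c.CreationTime, $sig.Status)
}

Write-Host "`n== .tmp files in the system directories (the guide's 'backup' copies) =="
Get-ChildItem -Path $dirs -Filter *.tmp -File -ErrorAction SilentlyContinue |
    Sort-Object CreationTime |
    ForEach-Object { Write-Host ("  {0}  {1,6} bytes  created {2:u}" -f $_.FullName, $_.Length, $_.CreationTime) }
```

On a clean system the AppInit_DLLs value is normally empty; any path listed there, whatever its name, deserves the same lookup the guide recommends before it is removed, since legitimate software also uses this mechanism.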

Paren Sir 10.01.20

YYYYY wrote:
By the way, in my case the virus file was named pavwgoa.dll
Unique to the virus