> Spyware Encyclopedia Page 88 > MoneyTree

MoneyTree removal

Spyware MoneyTree Information
Name: MoneyTree Category: Dialer Date: 2003-08-14 Coded in: Visual C Dangerous: Yes

MoneyTree is Dialer which is malware.
MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Dialers are used by a bunch of web sites, such as hotactiondating.com Installing it is highly not recommended.

This Dialer is also known as:

•Active Alert.
• All-In-One Telcom.
• Backdoor.Blarul.b - named by Kaspersky.
• Bck/Blarul.A - named by Panda.
• Dial/DyFuCA-A - named by a.
• DyFuCA_BH Module.
• Internet Optimizer.
• InternetOptimizer.
• Internet-Optimizer.
• MoneyTree/DyFuCa.
• MoneyTree/MultiDist.
• MoneyTree/NSLite.
• MoneyTree/NSUpdate.
• MoneyTree/UniDist.
• Proclaim Telcom.
• Spyware/Dyfuca - named by Panda.
• Spyware/SafeSurf - named by Panda.
• TrojanDownloader.Win32.Dyfuca.ac - named by a.
• TrojnDownloder.Win32.Dyfuc.k.
• TrojanDownloader.Win32.Dyfuca.d - named by Kaspersky.
• TrojanDownloader.Win32.Dyfuca.j - named by Kaspersky.
• TrojanDownloader.Win32.Dyfuca.q - named by Kaspersky.
• Win32/Blarul.B trojan - named by Eset.

>> Delete MoneyTree automatically - Download Spyware Doctor

MoneyTree Removal Instructions
Kill the following processes 5bc2a0cc5720bf5f1b1c54bbbfc7f612.exe, 644cb054e1fe6e18505d548f93bfb90b.exe, aaec91ad3637826c6879a51ebd7b9e31.exe, actalert.exe, blss.exe, installer.exe, optimize.exe, stmtdlr.exe, safesurfing.exe, ssuninstall.exe, ssupdate.exe, msg2090.tmp10730720494655.exe, view_sex_now.exe
Unregister the following DLLs and reboot iopti130.dll, istbar.dll, nem207.dll, nem210.dll, nem214.dll, safesurfing.dll, ssurf022.dll, trojandownloader.win32.dyfuca.aa.dll, trojandownloader.win32.dyfuca.j.dll, trojandownloader.win32.dyfuca.k.dll, trojandownloader.win32.dyfuca.q.dll, trojandownloader.win32.dyfuca.r.dll, trojandownloader.win32.dyfuca.t.dll, trojandownloader.win32.dyfuca.w.dll, trojandownloader.win32.dyfuca.z.dll, wsem210.dll, wsem300.dll. opti130.dll in Windows\system32\ opti130.dll in Windows\system\
Delete these registry entries HKEY_CLASSES_ROOT\clsid\{405fd721-04ef-4ef2-ab96-fb31d32d4643} HKEY_CLASSES_ROOT\clsid\{a0f0d762-d1de-43af-b70e-d87864743eb3} HKEY_CLASSES_ROOT\clsid\{bf279130-3f58-4e26-8043-cd5688a4d4c9} HKEY_CLASSES_ROOT\clsid\{c89bb48c-15d9-4f4f-803e-95d90f62be62} HKEY_CLASSES_ROOT\clsid\{e8edb60c-951e-4130-93dc-faf1ad25f8e7} HKEY_CLASSES_ROOT\clsid\{fc87a650-207d-4392-a6a1-82adbc56fa64} HKEY_CLASSES_ROOT\interface\{563e5df0-2c1c-4513-bbf5-d380536bb8fc} HKEY_CLASSES_ROOT\interface\{9f2c17ac-9aa4-4c3a-82c7-ea7bcf00f03d} HKEY_CLASSES_ROOT\interface\{ca7ccb52-6922-47e5-b784-3a3f82c51863} HKEY_CLASSES_ROOT\interface\{f332d106-2ef3-45c4-baf2-0f739d76b26a} HKEY_CLASSES_ROOT\multidist.multidistctrl.1 HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f7f808f0-6f7d-442c-93e3-4a4827c2e4c8} HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc} HKEY_CLASSES_ROOT\typelib\{11b6f65d-7b8d-43cb-9aae-17234a1db33a} HKEY_CLASSES_ROOT\typelib\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} HKEY_CLASSES_ROOT\typelib\{96b01a48-1317-4a87-91f7-10116f755705} HKEY_CLASSES_ROOT\typelib\{d8e25c53-9508-4f5c-9249-d98d438891d5} HKEY_CLASSES_ROOT\typelib\{f7f808f0-6f7d-442c-93e3-4a4827c2e4c8} HKEY_CLASSES_ROOT\unidist.unidistctrl.1 HKEY_CURRENT_USER\software\fci HKEY_LOCAL_MACHINE\software\classes\clsid\{f7f808f0-6f7d-442c-93e3-4a4827c2e4c8} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{e8edb60c-951e-4130-93dc-faf1ad25f8e7} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fc87a650-207d-4392-a6a1-82adbc56fa64} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/muldist.ocx HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/unidist.ocx HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\downloaded program files\muldist.ocx HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\downloaded program files\unidist.ocx
Remove the following files 5bc2a0cc5720bf5f1b1c54bbbfc7f612.exe, 644cb054e1fe6e18505d548f93bfb90b.exe, aaec91ad3637826c6879a51ebd7b9e31.exe, actalert.exe, blss.exe, cln4380.tmp, installer.exe, iopti130.dll, istbar.dll, nem207.dll, nem210.dll, nem214.dll, optimiser.msg, optimize.exe, safesurfing.dll, safesurfing.exe, ssurf022.dll, trojandownloader.win32.dyfuca.aa.dll, trojandownloader.win32.dyfuca.j.dll, trojandownloader.win32.dyfuca.k.dll, trojandownloader.win32.dyfuca.q.dll, trojandownloader.win32.dyfuca.r.dll, trojandownloader.win32.dyfuca.t.dll, trojandownloader.win32.dyfuca.w.dll, trojandownloader.win32.dyfuca.z.dll, view_sex_now.exe, wsem210.dll, wsem300.dll. stmtdlr.exe in Program Files\dialers\ muldist.inf, muldist.ocx, nsliteupdatectrl class, nsupdatelitectrl class, unidist.inf, unidist.ocx in Windows\downloaded program files\ opti130.dll in Windows\system32\ opti130.dll, ssuninstall.exe, ssupdate.exe in Windows\system\ msg2090.tmp10730720494655.exe in Windows\temp\

Bookmark MoneyTree page

Previous Spyware: Remove Monator 3.5

Next Spyware: Remove MoneyTree.DyFuCA