Recently Poulsbo-based eAcceleration announced the top 10 computer infections for 2006 that required custom cleaners to be written for customers.
Custom cleaners are usually required for two specific cases of computer infection: infections for which most antivirus or spyware scanners do not initially provide automatic cures, and infections that have been designed to evade all cleaning attempts. For such infections, specialists write custom programs for their customers. The patent-pending cleaning process starts by sending technicians a snapshot of what is on the computer system, such as what processes are running, what programs start up with the computer, browser helper objects that may be present, and a few other key features for them to analyze. The technician can then create a customized cleaner for that computer and that computer only. This custom code is built into a program that is sent back to the original computer to specifically cure, clean and delete any infection present.
The top 10 infections were:
1. Trojan.PWS.Alanchum
Trojan.PWS.Alanchum loads on system startup and injects itself into Windows processes. It downloads and executes remote files. Alanchum can disable your antivirus software, or crash a scanner once one of the infected files is touched.
2. Trojan.Downloader.1242 (Wininet Infection)
Trojan.Downloader.1242 infects the system's wininet file (wininet.dll). This is a critical system file. When this infection first came out, there were a few companies that found out the hard way that the infection was not easy to clean. If handled improperly, cleaning this infection could cause problems with a computer system, such as not being able to boot into safe mode, or if handled very poorly, not being able to boot at all. Our research team worked diligently on this infection and was able to create a cleaner that would clean the infection with no side effects on the system's functionality.
3. Adware.Look2Me
Adware.Look2Me loads in the Windows Shell (Explorer.exe) as well as Winlogon and a few other vital processes. It has watcher files that protect the infection: if one part of it gets removed, another part replaces it. It can prevent the cleaning of itself, as well as of any other infection, by restricting antivirus and anti-spyware programs and not allowing them to load the processes that they need to clean the infection. Adware.Look2Me was active for much of 2006.
4. Trojan.DnsChange
Trojan.DnsChange can access the internet and communicate with a remote server via HTTP. It modifies the Windows Registry by changing DNS entries, so that it can communicate with remote servers. It can download files from a remote server and may execute them. DnsChange may modify the Windows System Restore area, causing it to create infected restore points.
5. Trojan.Virtumod
Trojan.Virtumod is downloaded by other Trojans and generates popup advertisements on the infected computer. It also installs itself into the infected computer's registry and injects itself into the computer's shell (explorer.exe) so that it can silently run on the infected computer.
6. Trojan.Popuper
Trojan.Popuper installs malicious files as well as rogue anti-spyware and antivirus applications. Popuper creates a system tray icon that tells the user that they are infected and prompts them to install a variety of rogue protection software. Trojan.Popuper can be installed in a number of ways, most commonly through a false codec package like Media-Codec, PCodec, IntCodec, ZipCodec and SoftCodec. There are also other applications that it masquerades as, such as Public Messenger, Safety Bar, Safety Alerter 2006, and X Password Manager. Some of the rogue protection software that Trojan.Popuper has installed includes: AntiVermins, WinFixer, Spyware Heal, MalwareWiped, SpyMarshal, and VirusBurst.
7. BackDoor.IRC.Sdbot.151
Backdoor.IRC.Sdbot.151 downloads other virus infections. This virus opens a back door on the system to allow other malicious infections. The backdoor trojan harvests personal data and transmits it to remote computers.
8. AntiSpywareBox.com Hijacker
AntiSpywareBox.com Browser Hijacker will hijack a user's browser to AntiSpywareBox.com and install a rogue anti-spyware application. It will display popups for the rogue application as well as false system error messages to make it appear that the user is infected.
9. Win32.IRC.Bot
Win32.IRC.Bot transmits personal data to remote computers, logs browsing habits, and changes the browser home page. It spreads through chat programs and creates new files that mimic legitimate file names.
10. Qoologic / Web Nexus Network
Web Nexus Network and Qoologic are basically one and the same, just called by different names on occasion. Both display popup advertisements and connect to remote servers. Qoologic has also been known to hijack browsers. These infections can be installed on their own or come bundled with third-party applications.
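The article describes the technician's starting point as a snapshot of running processes, startup programs and browser helper objects, and the entries above name the other load points these infections abuse (Winlogon and the Explorer shell for Look2Me, DNS registry entries for DnsChange, the wininet file for Trojan.Downloader.1242, the browser start page for the hijackers). The following PowerShell script is an added example, not eAcceleration's patented tooling, that collects a read-only snapshot of exactly those places so an analyst can review them; it assumes PowerShell 5.1 or later on Windows, an elevated prompt so all process image paths are readable, and an output path of your choosing.

```powershell
# Added example (not eAcceleration's code): collect a read-only snapshot of
# the load points named in the article. Nothing is modified on the system.
# Run from an elevated PowerShell prompt. The output path is an assumption.
param([string]$OutFile = "$env:TEMP\system-snapshot.txt")

$snapshot = [System.Collections.Generic.List[string]]::new()
function Add-Section([string]$Title) { $snapshot.Add(""); $snapshot.Add("== $Title ==") }

# Helper: record every value under a registry key, skipping keys that do not exist
function Get-KeyValues([string]$Path) {
    if (-not (Test-Path $Path)) { return }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
            $snapshot.Add("$Path :: $($p.Name) = $($p.Value)")
        }
    }
}

# 1. Running processes with image paths. Injection targets such as explorer.exe
#    and winlogon.exe appear here next to anything that should not be running.
Add-Section "Running processes"
Get-Process | Sort-Object ProcessName | ForEach-Object {
    $path = try { $_.MainModule.FileName } catch { "<access denied>" }
    $snapshot.Add("{0,6} {1,-24} {2}" -f $_.Id, $_.ProcessName, $path)
}

# 2. Programs that start with the computer: Run/RunOnce for machine and current user
Add-Section "Autostart registry entries"
foreach ($hive in "HKLM", "HKCU") {
    foreach ($key in "Run", "RunOnce") {
        Get-KeyValues "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$key"
    }
}

# 3. Browser Helper Objects: each subkey is a CLSID; resolve it to the DLL it loads
Add-Section "Browser Helper Objects"
$bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $dll = (Get-ItemProperty $server -ErrorAction SilentlyContinue).'(default)'
        $snapshot.Add("$clsid -> $dll")
    }
}

# 4. Winlogon values (Shell, Userinit) and Notify packages, the load points
#    used by Look2Me-style adware to ride inside winlogon.exe and the shell
Add-Section "Winlogon load points"
$winlogon = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Get-KeyValues $winlogon
if (Test-Path "$winlogon\Notify") {
    Get-ChildItem "$winlogon\Notify" | ForEach-Object { Get-KeyValues $_.PSPath }
}

# 5. DNS servers per interface. DnsChange-style tampering shows up as a static
#    NameServer value that differs from the DHCP-supplied one.
Add-Section "DNS configuration"
$ifKey = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
Get-ChildItem $ifKey | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer -or $p.DhcpNameServer) {
        $snapshot.Add("$($_.PSChildName): NameServer='$($p.NameServer)' DhcpNameServer='$($p.DhcpNameServer)'")
    }
}

# 6. Internet Explorer start and search pages, which browser hijackers rewrite
Add-Section "IE start page"
$ieMain = Get-ItemProperty "HKCU:\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
if ($ieMain) { $snapshot.Add("Start Page = $($ieMain.'Start Page')"); $snapshot.Add("Search Page = $($ieMain.'Search Page')") }

# 7. Integrity of wininet.dll: hash plus signature status. Compare the hash with a
#    known-good copy from the same Windows build, as the technicians would.
Add-Section "wininet.dll integrity"
$wininet = Join-Path $env:SystemRoot "System32\wininet.dll"
if (Test-Path $wininet) {
    $sig  = Get-AuthenticodeSignature $wininet
    $hash = (Get-FileHash -Algorithm SHA256 $wininet).Hash
    $snapshot.Add("$wininet SHA256=$hash Signature=$($sig.Status) Signer=$($sig.SignerCertificate.Subject)")
}

$snapshot | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Snapshot written to $OutFile ($($snapshot.Count) lines)"
```

Run it as `.\Get-Snapshot.ps1 -OutFile C:\triage\snapshot.txt` and diff the result against a snapshot from a known-clean machine of the same build; the static NameServer, Winlogon Notify and BHO sections are the ones where the infections above leave their entries. The script only reads, which matters given the article's warning that a careless cleanup of the wininet infection can leave a machine unbootable: collection and cleaning are separate steps.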
(Webmaster Note: None of the virii listed in this article can infect an Apple Macintosh computer running Mac OS X)