Manual Removal Guide for Tuguu.VAFPlayer



Friday
2013-05-29, 12:56
The following instructions have been created to help you get rid of "Tuguu.VAFPlayer" manually.
Use this guide at your own risk; removal software is usually better suited to removing malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
malware

Description:
Tuguu.VAFPlayer pretends to be Adobe Flash Player in order to get downloaded and installed. The installer fraudulently tries to install various adware.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.3g2\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.3gp\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.3gp2\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.3gpp\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.aac\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ac3\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.alac\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.amr\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.amv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ape\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.apl\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.avi\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.divx\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.dts\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.evo\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.flac\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.flv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.hdmov\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.it\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m1v\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m2p\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m2t\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m2ts\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m2v\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m4a\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.m4v\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mka\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mkv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mo3\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mod\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mov\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mp2v\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mp3\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mp4\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mp4v\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpc\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpe\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpeg\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpg\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpv2\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mpv4\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mtm\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.mts\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ofr\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ofs\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.oga\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ogg\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ogm\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ogv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.pva\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ra\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.rm\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.rmvb\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.s3m\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.tp\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.tpr\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.ts\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.umx\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.vob\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.webm\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.wmv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.wv\".
Delete the registry key "VafPlayer" at "HKEY_CLASSES_ROOT\.xm\".
Delete the registry key "VAFPlayer" at "HKEY_CURRENT_USER\Software\Tuguu SL\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.3g2\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.3gp\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.3gp2\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.3gpp\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.aac\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ac3\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.alac\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.amr\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.amv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ape\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.apl\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.avi\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.divx\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.dts\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.evo\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.flac\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.flv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.hdmov\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.it\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m1v\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m2p\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m2t\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m2ts\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m2v\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m4a\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.m4v\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mka\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mkv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mo3\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mod\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mov\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mp2v\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mp3\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mp4\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mp4v\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpc\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpe\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpeg\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpg\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpv2\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mpv4\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mtm\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.mts\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ofr\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ofs\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.oga\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ogg\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ogm\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ogv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.pva\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ra\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.rm\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.rmvb\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.s3m\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.tp\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.tpr\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.ts\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.umx\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.vob\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.webm\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.wmv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.wv\".
Remove "VafPlayer" from registry value "" at "HKEY_CLASSES_ROOT\.xm\".
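
The registry steps above as an audit-first PowerShell function (an added example, not part of the original guide or of Spybot-S&D). The function name, the `-Remove` switch and the backup directory are assumptions, and "remove VafPlayer from the value" is interpreted here as stripping that substring from the key's default value.

```powershell
# Added example. Run from an elevated PowerShell prompt: HKEY_CLASSES_ROOT is a
# merged view of the HKLM and HKCU class keys, and the HKLM part needs admin rights.
$Extensions = -split @'
3g2 3gp 3gp2 3gpp aac ac3 alac amr amv ape apl avi divx dts evo flac flv hdmov
it m1v m2p m2t m2ts m2v m4a m4v mka mkv mo3 mod mov mp2v mp3 mp4 mp4v mpc mpe
mpeg mpg mpv2 mpv4 mtm mts ofr ofs oga ogg ogm ogv pva ra rm rmvb s3m tp tpr ts
umx vob webm wmv wv xm
'@

function Repair-VafPlayerAssociation {                     # hypothetical name
    param(
        [switch]$Remove,                                   # without it: report only
        [string]$BackupDir = "$env:TEMP\vafplayer-backup"  # assumed backup location
    )
    $targets = @($Extensions | ForEach-Object { "HKEY_CLASSES_ROOT\.$_" }) +
               'HKEY_CURRENT_USER\Software\Tuguu SL'
    foreach ($key in $targets) {
        $path = "Registry::$key"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $sub     = "$path\VafPlayer"           # key names are case-insensitive
        $hasSub  = Test-Path -LiteralPath $sub
        $default = [string](Get-Item -LiteralPath $path).GetValue('')
        $inValue = $key -like 'HKEY_CLASSES_ROOT\*' -and $default -like '*VafPlayer*'
        if (-not ($hasSub -or $inValue)) { continue }
        [pscustomobject]@{ Key = $key; Subkey = $hasSub; DefaultValue = $default }
        if (-not $Remove) { continue }
        # Export the key before touching it so the change can be rolled back.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $file = Join-Path $BackupDir (($key -replace '[\\ ]', '_') + '.reg')
        & reg.exe export $key $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $key failed; nothing changed." }
        if ($hasSub)  { Remove-Item -LiteralPath $sub -Recurse -Force }
        if ($inValue) {
            # Strip the substring from the default ("") value; the rest is kept.
            Set-ItemProperty -LiteralPath $path -Name '(default)' -Value ($default -replace 'VafPlayer', '')
        }
    }
}

Repair-VafPlayerAssociation | Format-Table -AutoSize       # audit only
```

Review the audit output first, then call `Repair-VafPlayerAssociation -Remove`; the exported `.reg` files in the backup directory restore the previous state if an association breaks.
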
If Tuguu.VAFPlayer uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as available.