Virtual Maid Fix (Virtual Maid.dll, searchmaid.com)


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Information
	A virus integrates into Internet Explorer and changes the Internet Explorer settings such as the home page or security settings. Can also open popups. The fix removes the virus Virtual Maid and restore Internet Explorer settings. Alias : Adware.Virtual_Maid [PCTools] not-a-virus:AdWare.Win32.MaidBar.d [Kaspersky Lab] Adware.SearchMaid [Symantec]
	File
	<System>\perfcii.ini <Program Files >\Virtual Maid\1.bmp <Program Files >\Virtual Maid\2.bmp <Program Files >\Virtual Maid\logo.bmp <Program Files >\Virtual Maid\uninstall.bat <Program Files >\Virtual Maid\Virtual Maid.dll <Program Files >\Virtual Maid\Virtual Maid.xml
	Registry
	Keys created HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\Implemented Categories HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\ProgID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\Programmable HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\VersionIndependentProgID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\ProgID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\Programmable HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\VersionIndependentProgID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\ProxyStubClsid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\ProxyStubClsid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\TypeLib HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\FLAGS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem\CurVer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem.1\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj\CurVer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj.1\CLSID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Maid HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&RSDN Search HKEY_CURRENT_USER\Software\Virtual Maid HKEY_CURRENT_USER\Software\Virtual Maid\Virtual Maid HKEY_CURRENT_USER\Software\Virtual Maid\Virtual Maid\Historyfiles HKEY_CURRENT_USER\Software\Virtual Maid\Virtual Maid\Historys1 Values created [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\VersionIndependentProgID] (Default) = "VM.VMObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\TypeLib] (Default) = "{42C7653A-5834-45a1-899A-ED0DFA370D21}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\ProgID] (Default) = "VM.VMObj.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}\InprocServer32] (Default) ="C:\PROGRAM FILES\VIRTUAL MAID\VIRTUAL MAID.DLL" ThreadingModel = "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}] (Default) = "Virtual Maid" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\VersionIndependentProgID] (Default) = "GoVM.ContextItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\TypeLib] (Default) = "{48DA6120-A779-4c12-8584-47B625EFB469}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\ProgID] (Default) = "GoVM.ContextItem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\InprocServer32] (Default) = "C:\PROGRAM FILES\VIRTUAL MAID\VIRTUAL MAID.DLL" ThreadingModel = "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}] (Default) = "ContextItem Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\TypeLib] (Default) = "{42C7653A-5834-45A1-899A-ED0DFA370D21}" Version = "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\ProxyStubClsid32] (Default) = "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}\ProxyStubClsid] (Default) = "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{835BAA68-B5E5-47D5-A18D-2A4E0F5B72D5}] (Default) = "IContextItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\TypeLib] (Default) = "{42C7653A-5834-45A1-899A-ED0DFA370D21}" Version = "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\ProxyStubClsid32] (Default) = "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}\ProxyStubClsid] (Default) = "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0}] (Default) = "IVMObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\0\win32] (Default) = "%ProgramFiles%\Virtual Maid\Virtual Maid.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\HELPDIR] (Default) = "%ProgramFiles%\Virtual Maid\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0\FLAGS] (Default) = "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42C7653A-5834-45A1-899A-ED0DFA370D21}\1.0] (Default) = "VM 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem\CurVer] (Default) = "GoVM.ContextItem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem\CLSID] (Default) = "{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem] (Default) = "ContextItem Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem.1\CLSID] (Default) = "{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoVM.ContextItem.1] (Default) = "ContextItem Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj\CurVer] (Default) = "VM.VMObj.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj\CLSID] (Default) = "{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj] (Default) = "Virtual Maid" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj.1\CLSID] (Default) = "{77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VM.VMObj.1] (Default) = "Virtual Maid" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Local Page = "http://www.searchmaid.com/" Search Bar = "http://searchmaid.com/bar/index.html" Use Search Asst = "http://www.searchmaid.com/search.php?qq=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} = "Virtual Maid" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] guid = "AA8214E9-C7E6-4b66-A049-19AD20944CBF" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual MaidVirtual Maid] DisplayName = "Virtual Maid" UninstallString = ""%ProgramFiles%\Virtual Maid\uninstall.bat" "%ProgramFiles%\Virtual Maid"" [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current] (Default) = "" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Default_Page_URL = "http://www.searchmaid.com/" Search Bar = "http://searchmaid.com/bar/index.html" Use Search Asst = "http://www.searchmaid.com/search.php?qq=%s" Default_Search_URL = "http://www.searchmaid.com/search.php?qq=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] (Default) = "http://www.searchmaid.com/search.php?qq=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] {77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C} = DE F8 B2 77 3F CB 6B 4B 83 9B 80 7D D1 AD BA 1C [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&RSDN Search] (Default) = "res://C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL/GoVM.dll.htm" Contexts = 0x00000030 [HKEY_CURRENT_USER\Software\Virtual Maid\Virtual Maid\Historyfiles] C:\PROGRA~1\VIRTUA~1\Virtual Maid.xml = 0x00000001 C:\PROGRA~1\VIRTUA~1\2.bmp = 0x00000001 C:\PROGRA~1\VIRTUA~1\1.bmp = 0x00000001 [HKEY_CURRENT_USER\Software\Virtual Maid\Virtual Maid] gUpdate = "0" NID = "" toolbar_id = "" Virtual Maid.xml = "168967278" 2.bmp = "53294105" 1.bmp = "535982682" showcorrupted = "1" updateVer = "" scope = "-1" OpenNew = "0" AutoComplete = "1" KeepHistory = "1" RunSearchAutomatically = "1" RunSearchDragAutomatically = "1" DescriptiveText = "1" ShowHighlightButton = "1" MicrosoftWeb = "1" GoogleWeb = "1" ShowFindButtons = "1" (Default) = "1" UpdateBegin = "0" LastCheckTime = 0x469C649B Values deleted [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Local Page = "%SystemRoot%\system32\blank.htm" [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current] (Default) = "%SystemRoot%\media\Windows XP Menu Démarrer.wav" Values changed [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Default_Page_URL = "http://www.searchmaid.com/" Default_Search_URL = "http://www.searchmaid.com/search.php?qq=%s" Search Page = "http://www.searchmaid.com/search.php?qq=%s" Start Page = "http://www.searchmaid.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] SearchAssistant = "http://www.searchmaid.com/search.php?qq=%s" CustomizeSearch = "http://www.searchmaid.com/search.php?qq=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Local Page = "http://www.searchmaid.com/" Start Page = "http://www.searchmaid.com/" Search Page = "http://www.searchmaid.com/search.php?qq=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] {0E5CBF21-D15F-11D0-8301-00AA005B4383} = 21 BF 5C 0E 5F D1 D0 11 83 01 00 AA 00 5B 43 83 22 00 1C 00 08 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C 00 00 00 01 14 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 81 00 00 00 10 00 00 00 CE 10 18 3F 01 CE C6 01 58 61 AE 8 ITBarLayout = 11 00 00 00 36 00 00 00 00 00 00 00 34 00 00 00 1F 00 01 00 56 00 00 00 01 00 00 00 20 07 00 00 A0 0F 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 A0 0F 00 00 04 00 00 00 21 01 00 00 A0 0F 00 00 03 00 00 00 20 03 00 00 00 00 00 0
	ATTENTION
	Even if you can remove the virus by using an Antivirus application, it does not restore the Internet Explorer's settings from where the idea of using a patch.

	Link

Latest fixs:

cftmonn.exe (ksven, Autorun.dhl)
sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
Noooh (Sys.exe, ComSys.dll)
NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
Kxvo.exe and all its variants
Kavo.exe and all its variants
VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than already proposed here