Archive for February, 2009

xivop.exe is malware

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: xivop
Filename: xivop.exe
Command: C:\WINDOWS\xivop.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [xivop] C:\WINDOWS\xivop.exe

Description: component of unknown malware

How to remove: Use HijackThis

qwbqgkxr.exe is malware

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: qwbqgkxr
Filename: qwbqgkxr.exe
Command: C:\WINDOWS\qwbqgkxr.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [MaG78PfJs] C:\WINDOWS\qwbqgkxr.exe

Description: component of unknown malware

How to remove: Use HijackThis

BHO module {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} is part of SPYW_IMISERV.C

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

CLSID: {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)

Combofix/RSIT Line:
Description: part of SPYW_IMISERV.C

How to remove: Use HijackThis

uacinit.dll is a component of UACd.sys trojan/rootkit

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: uacinit
Filename: uacinit.dll
Command: %windir%\System32\uacinit.dll
Startup Type: Driver
Description: component of UACd.sys trojan (windowsclick.com hijacker)

How to remove: How to remove windowsclick.com redirect [UACd.sys trojan]

m9ma.exe is Trojan/Win32.Inject.ldi (W32/Backdoor2)

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: m9ma
Filename: m9ma.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}

CLSID: {f2e1c83a-e730-11dd-80d2-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}]
shell\AutoRun\command - m9ma.exe
shell\explore\command - m9ma.exe
shell\open\command - m9ma.exe

Description: Trojan/Win32.Inject.ldi (W32/Backdoor2)

How to remove: How to remove trojans that uses autorun.inf file

nfdmg.com is Trojan.Win32.VB (virus)

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nfdmg
Filename: nfdmg.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}

CLSID: {a0b9b731-e792-11dd-80d3-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}]
shell\AutoRun\command - nfdmg.com
shell\explore\command - nfdmg.com
shell\open\command - nfdmg.com

Description: Trojan.Win32.VB (virus)

How to remove: How to remove nfdmg.com – trojan that uses autorun.inf file

wcpfvd.dll is a trojan

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wcpfvd
Filename: wcpfvd.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: wcpfvd.dll

Description: component of a trojan

How to remove: Use HijackThis

ntdll64.dll is a trojan

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntdll64
Filename: ntdll64.dll
Command: c:\windows\temp\ntdll64.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll

Description: Trojan

How to remove: How to use LSP Fix to repair Winsock 2 settings

msiconf.exe is a trojan

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msiconf
Filename: msiconf.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')

Description: Trojan

How to remove: Use HijackThis

ExtSecurityCenter.exe is a component of VirusRemover2009

Saturday, February 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ExtSecurityCenter
Filename: ExtSecurityCenter.exe
Command: %programfiles%\VirusRemover2009\ExtSecurityCenter.exe
Description: component of VirusRemover2009
Notes:

ExtSecurityCenter.exe generates fake alerts and an XP Security Center screen that looks like the legitimate Windows Security Center.

How to remove: How to remove VirusRemover2009 (Delete instructions)