Archive for October, 2009

« Previous Entries
Next Entries »

What is servises.Exe, How to remove servises.Exe

Saturday, October 24th, 2009

servises.Exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: servises
Filename: servises.Exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises

Command: C:\Windows\system32\servises.Exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe

Description: trojan that installed with Antivirus System Pro (rogue antispyware program)

How to remove: use these Antivirus System Pro removal instructions.

Posted in O4, Policies\Explorer\Run, Rogue Antispyware/Antivirus, Run | No Comments »

What is SoftStronghold.exe, How to remove SoftStronghold.exe

Friday, October 23rd, 2009

SoftStronghold.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SoftStronghold
Filename: SoftStronghold.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftStronghold

Command: C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SoftStronghold] C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SoftStronghold”=C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe [2009-10-24 830976]

Description: part of SoftStronghold. SoftStronghold is a rogue antispyware program.

How to remove: use these SoftStronghold removal instructions

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is freddy71.exe, How to remove freddy71.exe

Friday, October 23rd, 2009

freddy71.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy71
Filename: freddy71.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy71.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy71.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy71.exe [2009-10-20 55296]

Description: part of koobface worm

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in O4, Run, Worm | No Comments »

What is ld15.exe, How to remove ld15.exe

Friday, October 23rd, 2009

ld15.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ld15
Filename: ld15.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: C:\windows\ld15.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysldtray] C:\windows\ld15.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysldtray”=C:\windows\ld15.exe [2009-10-20 38912]

Description: part of worm koobface

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in O4, Run, Worm | No Comments »

What is dnsq.dll, How to remove dnsq.dll

Friday, October 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dnsq
Filename: dnsq.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\dnsq.dll
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\dnsq.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=”C:\WINDOWS\system32\dnsq.dll”

Description: trojan, also known as W32.Pagipef, TSPY_ONLINEGA.AE, Trojan-PSW.Agent, Trojan-PSW.Win32.Agent.acp, Virus.Win32.Xorer.ee

How to remove: use Kaspersky virus removal tool

Posted in AppInit DLLs, O20, Trojan | No Comments »

What is vshost32.exe, How to remove vshost32.exe

Friday, October 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vshost32
Filename: vshost32.exe
Command: C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe,

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in F2, Trojan | No Comments »

What is rise.exe, How to remove rise.exe

Friday, October 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rise
Filename: rise.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}

Command: F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
CLSID: {b8396306-163b-11de-acda-001a4df2dae2}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}]
shell\AutoRun\command – F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
shell\open\command – F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe

Description: a trojan that uses autorun.inf file to spread itself

How to remove: use these autorun.inf trojans removal instructions, after that manually remove rise.exe

Posted in autorun.inf, Trojan | No Comments »

What is IAPro.exe, How to remove IAPro.exe

Friday, October 23rd, 2009

IAPro.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IAPro
Filename: IAPro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Antivirus Pro

Command: command
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Internet Antivirus Pro] “c:\program files\Internet Antivirus Pro\IAPro.exe” /s

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Internet Antivirus Pro”=c:\program files\Internet Antivirus Pro\IAPro.exe [2009-10-20 1567744]

Description: part of Internet Antivirus Pro. Internet Antivirus Pro is a rogue antispyware program.

How to remove: use these Internet Antivirus Pro removal instructions

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is SoftVeteran.exe, How to remove SoftVeteran.exe

Wednesday, October 21st, 2009

SoftVeteran.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SoftVeteran
Filename: SoftVeteran.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftVeteran

Command: C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SoftVeteran] C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SoftVeteran”=C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe [2009-10-22 830976]

Description: component of SoftVeteran. SoftVeteran is a rogue antispyware program.

How to remove: use these SoftVeteran removal instructions

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is svcst.exe, How to remove svcst.exe

Tuesday, October 20th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svcst
Filename: svcst.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | svchost

Command: C:\Documents and Settings\user\Application Data\svcst.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [svchost] C:\Documents and Settings\user\Application Data\svcst.exe

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“svchost”=C:\Documents and Settings\user\Application Data\svcst.exe [2009-09-30 264192]

Description: component of trojan FakeAlert that installs rogue antispyware programs

How to remove: use Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

« Previous Entries
Next Entries »