Archive for October, 2009
Saturday, October 17th, 2009
SoftCop.exe is a harmful program.
Name: SoftCop
Filename: SoftCop.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftCop
Command: C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [SoftCop] C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SoftCop”=C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe [2009-10-17 830976]
Description: part of SoftCop. SoftCop is a rogue antispyware program.
How to remove: use these SoftCop removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | 4 Comments »
Thursday, October 15th, 2009
pcscout.exe is a harmful program.
Name: pcscout
Filename: pcscout.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PC Scout
Command: C:\Program Files\PC Scout\pcscout.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [PC Scout] “C:\Program Files\PC Scout\pcscout.exe” -noscan
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PC Scout”=C:\Program Files\PC Scout\pcscout.exe [2009-10-16 6025216]
Description: component of PC Scout. PC Scout is a rogue antispyware program.
How to remove: use these PC Scout removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Thursday, October 15th, 2009
SoftSoldier.exe is a harmful program.
Name: SoftSoldier
Filename: SoftSoldier.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftSoldier
Command: C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [SoftSoldier] C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe -min
Description: main file of SoftSoldier. SoftSoldier is a rogue antispyware program.
How to remove: use these SoftSoldier removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Wednesday, October 14th, 2009
asecurity.exe is a harmful program.
Name: asecurity
Filename: asecurity.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Active Security
Command: C:\Program Files\Active Security\asecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [Active Security] “C:\Program Files\Active Security\asecurity.exe” -noscan
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Active Security”=C:\Program Files\Active Security\asecurity.exe -noscan
Description: part of Active Security. Active Security is a rogue antispyware program.
How to remove: use these Active Security removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Tuesday, October 13th, 2009
TrustFighter.exe is a harmful program.
Name: TrustFighter
Filename: TrustFighter.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustFighter
Command: C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [TrustFighter] C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TrustFighter”=C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
Description: main component of TrustFighter. TrustFighter is a rogue antispyware program.
How to remove: use these TrustFighter removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, October 10th, 2009
WindowsEDefender.exe is a harmful program.
Name: WindowsEDefender
Filename: WindowsEDefender.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Defender
Command: C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Windows Enterprise Defender] “C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe” /s /d
RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Enterprise Defender”=C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe [2009-10-09 2104832]
Description: main component of Windows Enterprise Defender. Windows Enterprise Defender is a rogue antispyware program.
How to remove: use these Windows Enterprise Defender removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, October 10th, 2009
TrustSoldier.exe is a harmful program.
Name: TrustSoldier
Filename: TrustSoldier.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustSoldier
Command: C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [TrustSoldier] C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TrustSoldier”=C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe [2009-10-10 785920]
Description: part of TrustSoldier. TrustSoldier is a rogue antispyware program.
How to remove: use these TrustSoldier removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run | 1 Comment »
Friday, October 9th, 2009
This is a harmful program.
Name: seres
Filename: seres.exe
Registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | mserv
Command: %AppData%\seres.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [mserv] c:\documents and settings\username\Application Data\seres.exe
Description: trojan downloader, also known as trojan Win32/Renos, trojan Win32/FakeRean, trojan FakeAlert
How to remove: use HijackThis + use Malwarebytes` Anti-malware
Posted in O4, Run, Trojan | No Comments »
Friday, October 9th, 2009
restorer32_a.exe is a harmful program.
Name: restorer32_a
Filename: restorer32_a.exe
Registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
Command: c:\windows\system32\restorer32_a.exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [restorer32_a] c:\documents and settings\username\restorer32_a.exe
O4 – HKLM\..\Run: [restorer32_a] c:\windows\system32\restorer32_a.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\documents and settings\username\restorer32_a.exe” [2009-09-29 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\windows\system32\restorer32_a.exe” [2009-09-29 40448]
Description: trojan that installed with Antivirus Pro 2010 (rogue antispyware)
How to remove: use HijackThis + use Malwarebytes` Anti-malware
Posted in O4, Rogue Antispyware/Antivirus, Run, Trojan | 2 Comments »
Friday, October 9th, 2009
wscsvc32.exe is a harmful program.
Name: wscsvc32
Filename: wscsvc32.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wscsvc32.exe
Command: C:\Program Files\Antivirus\wscsvc32.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [wscsvc32.exe] C:\Program Files\Antivirus\wscsvc32.exe
DDS Line:
uRun: [wscsvc32.exe] C:\Program Files\Antivirus\wscsvc32.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“wscsvc32.exe”=C:\Program Files\Antivirus\wscsvc32.exe
Description: trojan FakeAlert that is installed by Antivirus. Antivirus is a rogue antispyware program.
How to remove: use these Antivirus removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
