Archive for the 'HijackThis' Category

What is ShieldSafeness.exe, How to remove ShieldSafeness.exe

Sunday, October 25th, 2009

ShieldSafeness.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ShieldSafeness
Filename: ShieldSafeness.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ShieldSafeness

Command: C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ShieldSafeness] C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ShieldSafeness”=C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe [2009-10-25 785920]

Description: component of ShieldSafeness. ShieldSafeness.exe is a rogue antispyware program.

How to remove: use these ShieldSafeness removal instructions

What is ikowin32.exe, How to remove ikowin32.exe

Saturday, October 24th, 2009

ikowin32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ikowin32
Filename: ikowin32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ikowin32.exe

Description: a trojan that installed with a rogue antispyware program (Antivirus Pro 2010 for example)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is restorer64_a.exe, How to remove restorer64_a.exe

Saturday, October 24th, 2009

restorer64_a.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: restorer64_a
Filename: restorer64_a.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a

Command: C:\Documents and Settings\Nancy\restorer64_a.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 – HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Nancy\restorer64_a.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe

Description: a trojan that installed with Antivirus Pro 2010 (rogue antispyware program)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is rundll22.exe, How to remove rundll22.exe

Saturday, October 24th, 2009

rundll22.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rundll22
Filename: rundll22.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool

Command: C:\WINDOWS\rundll22.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ttool] C:\WINDOWS\rundll22.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ttool”=C:\WINDOWS\rundll22.exe

Description: a trojan that installed with Antivirus Pro 2010 (rogue antispyware program)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is servises.Exe, How to remove servises.Exe

Saturday, October 24th, 2009

servises.Exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: servises
Filename: servises.Exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises

Command: C:\Windows\system32\servises.Exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe

Description: trojan that installed with Antivirus System Pro (rogue antispyware program)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is SoftStronghold.exe, How to remove SoftStronghold.exe

Friday, October 23rd, 2009

SoftStronghold.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SoftStronghold
Filename: SoftStronghold.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftStronghold

Command: C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SoftStronghold] C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SoftStronghold”=C:\Program Files\SoftStronghold Software\SoftStronghold\SoftStronghold.exe [2009-10-24 830976]

Description: part of SoftStronghold. SoftStronghold is a rogue antispyware program.

How to remove: use these SoftStronghold removal instructions

What is freddy71.exe, How to remove freddy71.exe

Friday, October 23rd, 2009

freddy71.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy71
Filename: freddy71.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy71.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy71.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy71.exe [2009-10-20 55296]

Description: part of koobface worm

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is ld15.exe, How to remove ld15.exe

Friday, October 23rd, 2009

ld15.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ld15
Filename: ld15.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: C:\windows\ld15.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysldtray] C:\windows\ld15.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysldtray”=C:\windows\ld15.exe [2009-10-20 38912]

Description: part of worm koobface

How to remove: use HijackThis + use Malwarebytes` Anti-malware

What is dnsq.dll, How to remove dnsq.dll

Friday, October 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dnsq
Filename: dnsq.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\dnsq.dll
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\dnsq.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=”C:\WINDOWS\system32\dnsq.dll”

Description: trojan, also known as W32.Pagipef, TSPY_ONLINEGA.AE, Trojan-PSW.Agent, Trojan-PSW.Win32.Agent.acp, Virus.Win32.Xorer.ee

How to remove: use Kaspersky virus removal tool

What is vshost32.exe, How to remove vshost32.exe

Friday, October 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vshost32
Filename: vshost32.exe
Command: C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\8E4B~1\LOCALS~1\Temp\vshost32.exe,

How to remove: use HijackThis + use Malwarebytes` Anti-malware