HT Logs. Tips, FAQs, Analyze. » O22 http://htlogs.com HIJACKTHIS ITEMS/REGISTRY ITEMS/HOW TO REMOVE Mon, 05 Dec 2011 07:53:13 +0000 en hourly 1 http://wordpress.org/?v=3.0.5 gitabiga.dll is trojan Vundo http://htlogs.com/gitabiga-dll-is-trojan-vundo/ http://htlogs.com/gitabiga-dll-is-trojan-vundo/#comments Mon, 21 Sep 2009 04:34:47 +0000 admin http://htlogs.com/?p=778 This is a harmful program.
remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gitabiga
Filename: gitabiga.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | derijidob
hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler | {e826441e-0920-4e05-9b2c-84189ccd7cba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | gefiraled

Command: c:\windows\system32\gitabiga.dll
CLSID: {e826441e-0920-4e05-9b2c-84189ccd7cba}
Startup Type: HKLM->Run, SharedTaskScheduler, ShellServiceObjectDelayLoad
HijackThis Category: O4, O21, O22
Combofix/RSIT Line:

2009-09-19 01:46 . 2009-06-19 01:46 88576 –sha-w- c:\windows\system32\gitabiga.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“derijidob”=”c:\windows\system32\gitabiga.dll” [2009-09-19 88576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
“{e826441e-0920-4e05-9b2c-84189ccd7cba}”= “c:\windows\system32\gitabiga.dll” [2009-09-19 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“gefiraled”= {e826441e-0920-4e05-9b2c-84189ccd7cba} – c:\windows\system32\gitabiga.dll [2009-09-19 88576]

Description: trojan Vundo

How to remove: use Malwarebytes` Anti-malware

]]> http://htlogs.com/gitabiga-dll-is-trojan-vundo/feed/ 0 vitamine.dll is a trojan http://htlogs.com/vitaminedll-is-a-trojan/ http://htlogs.com/vitaminedll-is-a-trojan/#comments Mon, 30 Mar 2009 15:12:09 +0000 admin http://htlogs.com/?p=351 Run, AppInit DLL, SSODL, SharedTaskScheduler HijackThis [...]]]> This is a harmful program.
remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:

O4 – HKLM\..\Run: [CPMfbaed640] Rundll32.exe “c:\windows\system32\vitamine.dll”,a
O20 – AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll

Description: trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

]]> http://htlogs.com/vitaminedll-is-a-trojan/feed/ 0