HT Logs. Tips, FAQs, Analyze.

SmartSecurity is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SmartSecurity
Filename: SmartSecurity.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SmartSecurity

Command: C:\Program Files\Smart Security\SmartSecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SmartSecurity] C:\Program Files\Smart Security\SmartSecurity.exe

DDS Line:

uRun: [SmartSecurity] C:\Program Files\Smart Security\SmartSecurity.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SmartSecurity”=C:\Program Files\Smart Security\SmartSecurity.exe

Description: core component of SmartSecurity. SmartSecurity (Smart Security) is a rogue antispyware program.

How to remove: use these SmartSecurity removal instructions.

CUA[random].exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: CleanUp Antivirus
Filename: CUA[random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | CleanUp Antivirus

Command: C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [CleanUp Antivirus] “C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe” /s /d

DDS Line:

uRun: [CleanUp Antivirus] C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CleanUp Antivirus”=C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe

Description: core component of CleanUp Antivirus. CleanUp Antivirus is a fake antivirus program, that also known as rogue antispyware.

How to remove: use these CleanUp Antivirus removal instructions.

bill103.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: bill103
Filename: bill103.exe
Registry key:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: %Windir%\bill103.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill103.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill103.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill103.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

amht.xfo is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: amht
Filename: amht.xfo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe amht.xfo kixxkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe amht.xfo kixxkk

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

RTHDBPL is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: RTHDBPL
Filename: lsass.exe
Registry key:

Command: %userProfile%\Application Data\SystemProc\lsass.exe
CLSID: clsid
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“RTHDBPL”=C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Description: trojan also known as Trojan.Gen [Symantec], Mal/VBInject-D [Sophos], WORM_BUZUS.EHM [TrendMicro]

How to remove: use HijackThis + Malwarebytes` Anti-malware

TOY5KNQ8OC is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TOY5KNQ8OC
Filename: [random 3 characters].ex
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TOY5KNQ8OC

Command: %UserProfile%\LOCALS~1\Temp\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

DDS Line:

uRun: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TOY5KNQ8OC”=C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

syre32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: syre32
Filename: syre32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | syre32

Command: C:\WINDOWS\system32\syre32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [syre32] C:\WINDOWS\system32\syre32.exe

DDS Line:

mRun: [syre32] C:\WINDOWS\system32\syre32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“syre32″=C:\WINDOWS\system32\syre32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

cleansweep.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: cleansweep
Filename: cleansweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cleansweep.exe

Command: C:\cleansweep.exe\cleansweep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

DDS Line:

uRun: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cleansweep.exe”=C:\cleansweep.exe\cleansweep.exe

Description: trojan also known as Trojan.Spyeye [PCTools], Trojan.Spyeye [Symantec], Trojan-Spy.Win32.SpyEyes.h [Kaspersky Lab], BackDoor-Spyeye [McAfee], Mal/Spyeye-A, Mal/Spyeye-A [Sophos], Trojan:Win32/Spyeye.B [Microsoft],

How to remove: use HijackThis + Kaspersky virus removal tool

drguard.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: drguard
Filename: drguard.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Dr. Guard

Command: C:\Program Files\Dr. Guard\drguard.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Dr. Guard] “C:\Program Files\Dr. Guard\drguard.exe” -noscan

DDS Line:

uRun: [Dr. Guard] C:\Program Files\Dr. Guard\drguard.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Dr. Guard”=C:\Program Files\Dr. Guard\drguard.exe

Description: core component of Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

asr64_ldm.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: asr64_ldm
Filename: asr64_ldm.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | asr64_ldm.exe

Command: %UserProfile%\LOCALS~1\Temp\asr64_ldm.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [asr64_ldm.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\asr64_ldm.exe

DDS Line:

uRun: [asr64_ldm.exe] C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“asr64_ldm.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Description: trojan fakeAlert that installed with Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.