Archive for the 'O4' Category

Wizesearch.com (Info and Removal)

Saturday, August 20th, 2016

Wizesearch.com is a browser hijacker

wizesearch.com
If your browser is redirected to Wizesearch.com, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

What is winxn.exe, How to remove winxn.exe

Monday, December 5th, 2011

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is AntiVirus_System_2011 exe, How to remove AntiVirus_System_2011.exe

Thursday, January 6th, 2011

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_System_2011
Filename: AntiVirus_System_2011.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus System 2011

Command: C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP

DDS Line:

uRun: [AntiVirus System 2011] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus System 2011″=C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Description: core component of fake antivirus program named AntiVirus System 2011.

How to remove: use the AntiVirus System 2011 removal instructions.

What is andy145.exe, How to remove andy145.exe

Thursday, December 9th, 2010

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“xuri49tkd”=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

What is Security_Inspector_2010.exe, How to remove Security_Inspector_2010.exe

Tuesday, November 9th, 2010

Security_Inspector_2010.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Security_Inspector_2010
Filename: Security_Inspector_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Inspector 2010

Command: %AppData%\Security Inspector 2010\Security_Inspector_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

DDS Line:

uRun: [Security Inspector 2010] C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Security Inspector 2010″=C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Description: core component of Security Inspector 2010 (rogue antispyware program)

How to remove: use the Security Inspector 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [Security Inspector 2010] “C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is AntiVirus_Solution_2010.exe, How to remove AntiVirus_Solution_2010.exe

Friday, October 29th, 2010

AntiVirus_Solution_2010.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_Solution_2010
Filename: AntiVirus_Solution_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Solution 2010

Command: %AppData%\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

DDS Line:

uRun: [AntiVirus Solution 2010] C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Solution 2010″=C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe

Description: core component of AntiVirus Solution 2010 (fake antivirus)

How to remove: use the AntiVirus Solution 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [AntiVirus Solution 2010] “C:\Documents and Settings\username\Application Data\AntiVirus Solution 2010\AntiVirus_Solution_2010.exe” /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is dirhuntsetup70700.exe, How to remove dirhuntsetup70700.exe

Tuesday, October 26th, 2010

dirhuntsetup70700.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dirhuntsetup70700
Filename: dirhuntsetup70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | dirhuntsetup70700.exe

Command: %AppData%\{RANDOM}\dirhuntsetup70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

DDS Line:

uRun: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“dirhuntsetup70700.exe”=C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [dirhuntsetup70700.exe] C:\Documents and Settings\User\Application Data\B76257BB6A9ED845C357E1FB3A384BA1\dirhuntsetup70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is terrapoint700x0main.exe, How to remove terrapoint700x0main.exe

Wednesday, October 20th, 2010

terrapoint700x0main.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: terrapoint700x0main
Filename: terrapoint700x0main.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | terrapoint700x0main.exe

Command: %AppData%\{RANDOM}\terrapoint700x0main.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

DDS Line:

uRun: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“terrapoint700x0main.exe”=C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [terrapoint700x0main.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\terrapoint700x0main.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is Smart Engine, How to remove Smart Engine

Sunday, October 10th, 2010

Smart Engine is a harmful program.

remove It is a fake security program, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Smart Engine associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\SMda1_2121.exe
%UserProfile%\Application Data\Smart Engine
%UserProfile%\Application Data\Smart Engine\cookies.sqlite
%UserProfile%\Desktop\Smart Engine.lnk
%UserProfile%\Start Menu\Smart Engine.lnk
%UserProfile%\Application Data\Smart Engine\Instructions.ini
%UserProfile%\Start Menu\Programs\Smart Engine.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk

Smart Engine associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Smart Engine
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download | RunInvalidSignatures = “1″
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes | URL = “http://findgala.com/?&uid=1002&q={searchTerms}”

Core filename: SMda1_2121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\SMda1_2121.exe
HijackThis shows Smart Engine:

O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\da2933\SMda2_2121.exe” /s /d

Description: rogue antispyware program

How to remove: use the Smart Engine removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

Commands
[resethosts]

Click the red Moveit! button. Close OTM.

What is {RANDOM}agnz.exe, How to remove {RANDOM}agnz.exe

Thursday, October 7th, 2010

{RANDOM}agnz.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}agnz.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Command: %Temp%\{RANDOM}\{RANDOM}agnz.exe
Startup Type: HKCU->Run, HKLM-> Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}agnz.exe
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}agnz.exe

DDS Line:

mRun: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}agnz.exe
uRun: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}agnz.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%Temp%\{RANDOM}\{RANDOM}agnz.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%Temp%\{RANDOM}\{RANDOM}agnz.exe

Description: core component of Antivirus Action. Antivirus Action is a rogue antispyware program.

How to remove: use the Antivirus Action removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).