Archive for the 'HijackThis' Category

What is pp14.exe, How to remove pp14.exe

Saturday, December 26th, 2009

pp14.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pp14
Filename: pp14.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: C:\Windows\pp14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [pp] C:\Windows\pp14.exe

DDS Line:

mRun: [pp] C:\Windows\pp14.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pp"=C:\Windows\pp14.exe

Description: component of Koobface worm

How to remove: use these Koobface removal instructions.

What is 193.104.110.38, How to remove 193.104.110.38

Saturday, December 26th, 2009

193.104.110.38 is a malicious DNS server.

If your browser is hijacked, or Google, Yahoo, or MSN search results are redirected to unrelated sites, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.104.110.38
HijackThis Category: O17
HijackThis Line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254

Malwarebytes' Anti-Malware shows the infection:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38

Description: 193.104.110.38 is used as a DNS server to redirect the browser to unrelated sites.

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is APCProtect.exe, How to remove APCProtect.exe

Thursday, December 24th, 2009

APCProtect.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APCProtect
Filename: APCProtect.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | APCProtect.exe

Command: C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

DDS Line:

uRun: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"APCProtect.exe"=C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe [2009-12-25 1798144]

Description: core component of APCProtect. APCProtect is a rogue antispyware program.

How to remove: use these APCProtect removal instructions.

What is Security Central.exe, How to remove Security Central.exe

Wednesday, December 23rd, 2009

Security Central.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Security Central
Filename: Security Central.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Security Central

Command: C:\Program Files\Security Central\Security Central.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Security Central] C:\Program Files\Security Central\Security Central.exe

DDS Line:

mRun: [Security Central] C:\Program Files\Security Central\Security Central.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Central"=C:\Program Files\Security Central\Security Central.exe

Description: core component of Security Central. Security Central is a rogue antispyware program.

How to remove: use these Security Central removal instructions.

What is Avg.exe, How to remove Avg.exe

Wednesday, December 23rd, 2009

Avg.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Avg
Filename: Avg.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Avg.exe

Command: C:\windows\Avg.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Avg.exe] C:\windows\Avg.exe

DDS Line:

uRun: [Avg.exe] C:\windows\Avg.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Avg.exe"=C:\windows\Avg.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.etk [Kaspersky Lab], Trojan-Banker.Win32.Banker [Ikarus], TrojanSpy:Win32/Bancos.gen!C [Microsoft], Mal/DelpBanc-A, Mal/Banspy-F, Mal/Banspy-I [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ldfrmmd.exe, How to remove ldfrmmd.exe

Wednesday, December 23rd, 2009

ldfrmmd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ldfrmmd
Filename: ldfrmmd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cximddl

Command: C:\WINDOWS\system32\ldfrmmd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

DDS Line:

uRun: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cximddl"=C:\WINDOWS\system32\ldfrmmd.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is jdsuml.exe, How to remove jdsuml.exe

Wednesday, December 23rd, 2009

jdsuml.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jdsuml
Filename: jdsuml.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | qaswww
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman

Command: C:\WINDOWS\system32\jdsuml.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe

DDS Line:

uRun: [qaswww] C:\WINDOWS\system32\jdsuml.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qaswww"=C:\WINDOWS\system32\jdsuml.exe

Description: trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Troj/Agent-LXF [Sophos], Trojan:Win32/Lethic.B

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is providd.exe, How to remove providd.exe

Wednesday, December 23rd, 2009

providd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: providd
Filename: providd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sqlpdro

Command: C:\WINDOWS\system32\providd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [sqlpdro] C:\WINDOWS\system32\providd.exe

DDS Line:

uRun: [sqlpdro] C:\WINDOWS\system32\providd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sqlpdro"=C:\WINDOWS\system32\providd.exe

Description: trojan dropper

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is ihaupd32.exe, How to remove ihaupd32.exe

Wednesday, December 23rd, 2009

ihaupd32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ihaupd32
Filename: ihaupd32.exe
Command: %UserProfile%\start menu\programs\startup\ihaupd32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: ihaupd32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\ihaupd32.exe

Description: trojan dropper. It is installed together with the updxsp32.exe trojan.

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is updxsp32.exe, How to remove updxsp32.exe

Wednesday, December 23rd, 2009

updxsp32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: updxsp32
Filename: updxsp32.exe
Command: %UserProfile%\start menu\programs\startup\updxsp32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: updxsp32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\updxsp32.exe

Description: Trojan.Dropper

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool