Archive for the 'HijackThis' Category

« Previous Entries
Next Entries »

What is mark_32.dll, How to remove mark_32.dll

Thursday, December 3rd, 2009

mark_32.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mark_32
Filename: mark_32.dll
Command: C:\WINDOWS\mark_32.dll
CLSID: {7052b010-2d0f-459e-bf1b-0903f09c1836}
Startup Type: Filter
HijackThis Category: O18
HijackThis Line:

O18 – Filter hijack: text/html – {7052b010-2d0f-459e-bf1b-0903f09c1836} – C:\WINDOWS\mark_32.dll

Description: a trojan that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in Filter, O18, Trojan | No Comments »

What is winssled.exe, How to remove winssled.exe

Thursday, December 3rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winssled
Filename: winssled.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | shccde

Command: C:\Windows\winssled.exe
Startup Type: HKCU->Run, Winlogon\TaskMan
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [shccde] C:\Windows\winssled.exe

DDS Line:

uRun: [shccde] C:\Windows\winssled.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“shccde”=C:\Windows\winssled.exe

Description: a trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Trojan:Win32/Lethic.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Trojan, Winlogon\TaskMan | No Comments »

What is AntiKeep.exe, How to remove AntiKeep.exe

Thursday, December 3rd, 2009

AntiKeep.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiKeep
Filename: AntiKeep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiKeep.exe

Command: C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

DDS Line:

uRun: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiKeep.exe”=C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe [2009-12-03 1638400]

Description: core component of AntiKeep. AntiKeep is a rogue antispyware program.

How to remove: use these AntiKeep removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is inetprovider.dll, How to remove inetprovider.dll

Wednesday, December 2nd, 2009

inetprovider.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: inetprovider
Filename: inetprovider.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetProvider

Command: C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll
CLSID: {76377D16-FC8D-4505-B8E1-237EA19C401A}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

DDS Line:

SSODL: InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Description: trojan that installed with Personal Protector. Personal Protector is a rogue antispyware program.

How to remove: use HijackThis + these Personal Protector removal instructions.

Posted in O21, ShellServiceObjectDelayLoad, Trojan | No Comments »

What is swupdate.dll, How to remove swupdate.dll

Wednesday, December 2nd, 2009

swupdate.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: swupdate
Filename: swupdate.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SwUpdate

Command: C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
CLSID: {009541A0-3B00-1F1C-00F3-040224001C01}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

DDS Line:

SSODL: SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

Description: trojan AdClick

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O21, ShellServiceObjectDelayLoad, Trojan | No Comments »

What is algqeh32.exe, How to remove algqeh32.exe

Tuesday, December 1st, 2009

algqeh32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: algqeh32
Filename: algqeh32.exe
Command: %UserProfile%\Start Menu\Programs\Startup\algqeh32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: algqeh32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
algqeh32.exe

Description: trojan

How to remove: use HijackThis + manually remove the file.

Posted in O4, Startup folder, Trojan | No Comments »

What is win32extension.dll, How to remove win32extension.dll

Tuesday, December 1st, 2009

win32extension.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: win32extension
Filename: win32extension.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\win32extension.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Security Update – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

DDS Line:

BHO: &Security Update: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\win32extension.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update – C:\WINDOWS\system32\win32extension.dll [2009-12-01 665088]

Description: component of Personal Security. Personal Security is a rogue antispyware program.

How to remove: use these Personal Security removal instructions.

Posted in BHO, O2, Rogue Antispyware/Antivirus | No Comments »

What is psecurity.exe, How to remove psecurity.exe

Tuesday, December 1st, 2009

psecurity.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: psecurity
Filename: psecurity.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PSecurity

Command: C:\Program Files\PSecurity\psecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [PSecurity] C:\Program Files\PSecurity\psecurity.exe

DDS Line:

uRun: [PSecurity] C:\Program Files\PSecurity\psecurity.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PSecurity”=C:\Program Files\PSecurity\psecurity.exe [2009-12-01 1268224]

Description: core component of Personal Security. Personal Security is a rogue antispyware program.

How to remove: use these Personal Security removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | 14 Comments »

What is photo_id.exe, How to remove photo_id.exe

Tuesday, December 1st, 2009

photo_id.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: photo_id
Filename: photo_id.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | photo_id

Command:

C:\WINDOWS\system32\photo_id.exe
%UserProfile%\photo_id.exe
C:\WINDOWS\system32\config\systemprofile\photo_id.exe

Startup Type: HKLM->Run. HKCU->Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 – HKCU\..\Run: [photo_id] C:\Documents and Settings\user\photo_id.exe
O4 – HKUS\S-1-5-18\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘Default user’)

DDS Line:

mRun: [photo_id] C:\WINDOWS\system32\photo_id.exe
uRun: [photo_id] C:\Documents and Settings\user\photo_id.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\WINDOWS\system32\photo_id.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\Documents and Settings\user\photo_id.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is herss.exe, How to remove herss.exe

Tuesday, December 1st, 2009

herss.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: herss
Filename: herss.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: %Temp%\herss.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cdoosoft] %Temp%\herss.exe

DDS Line:

uRun: [cdoosoft] %Temp%\herss.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cdoosoft”=%Temp%\herss.exe

Description: trojan also known as Trojan-GameThief.Win32.Magania.cmla [Kaspersky Lab], Mal/Taterf-A [Sophos], Worm:Win32/Taterf.B [Microsoft], Trojan.Win32.Inhoo [Ikarus]

How to remove: use HijackThis + these autorun.inf trojans removal instructions.

Posted in autorun.inf, O4, Run, Trojan | No Comments »

« Previous Entries
Next Entries »