Archive for the 'HijackThis' Category

What is BlockProtector.exe, How to remove BlockProtector.exe

Wednesday, November 4th, 2009

BlockProtector.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockProtector
Filename: BlockProtector.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BlockProtector.exe

Command: C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [BlockProtector.exe] C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe

Combofix/RSIT Line:

“BlockProtector.exe”=C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe [2009-11-05 772608]

Description: core component of BlockProtector. BlockProtector is a rogue antispyware program.

How to remove: use these BlockProtector removal instructions.

What is logon.exe, How to remove logon.exe

Wednesday, November 4th, 2009

logon.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe logon.exe

Description: trojan that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is sysnet.dll, How to remove sysnet.dll

Wednesday, November 4th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysnet
Filename: sysnet.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet

Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

RSIT Line:

SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

Description: trojan agent that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is csrss1.dll, How to remove csrss1.dll

Wednesday, November 4th, 2009

csrss1.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: csrss1
Filename: csrss1.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss

Command: c:\windows\system32\csrss1.dll
Startup Type: Winlogon Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: Csrss – c:\windows\system32\csrss1.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss]
2009-10-20 17:31 139264 —-a-w- c:\windows\system32\csrss1.dll

Description: unknown trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is, How to remove

Wednesday, November 4th, 2009 is a malicious website

remove The site was created to spread Antivirus System Pro. If your browser is redirected to, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address:
Site addess:
HijackThis Category: O1
HijackThis Line:

O1 – Hosts:

Description: is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is, How to remove

Wednesday, November 4th, 2009 is a malicious website

remove The site was created to spread Antivirus System Pro. If your browser is redirected to, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address:
Site addess:
HijackThis Category: O1
HijackThis Line:

O1 – Hosts:

Description: is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is, How to remove

Wednesday, November 4th, 2009 is a malicious website

remove The site was created to spread Antivirus System Pro. If your browser is redirected to, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address:
Site addess:
HijackThis Category: O1
HijackThis Line:

O1 – Hosts:

Description: is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is BlockKeeper.exe, How to remove BlockKeeper.exe

Tuesday, November 3rd, 2009

BlockKeeper.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockKeeper
Filename: BlockKeeper.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockKeeper

Command: C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [BlockKeeper] C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe -min

Combofix/RSIT Line:

“BlockKeeper”=C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe [2009-11-03 830976]

Description: part of BlockKeeper. BlockKeeper is a rogue antispyware program.

How to remove: use these BlockKeeper removal insructions

What is BlockScanner.exe, How to remove BlockScanner.exe

Saturday, October 31st, 2009

BlockScanner.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockScanner
Filename: BlockScanner.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockScanner

Command: C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [BlockScanner] C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe -min

Combofix/RSIT Line:

“BlockScanner”=C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe [2009-10-31 830976]

Description: part of BlockScanner. BlockScanner is a rogue antispyware program.

How to remove: use these BlockScanner removal instructions.

Windows Enterprise Suite – WEb691.exe

Saturday, October 31st, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WEb691
Filename: WEb691.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Suite

Command: C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Windows Enterprise Suite] “C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe” /s /d

Combofix/RSIT Line:

“Windows Enterprise Suite”=C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe [2009-10-30 1897472]

Description: part of Windows Enterprise Suite. Windows Enterprise Suite is a rogue antispyware program.

How to remove: use these Windows Enterprise Suite removal instructions