HT Logs. Tips, FAQs, Analyze.

WindowsEDefender.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WindowsEDefender
Filename: WindowsEDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Defender

Command: C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Windows Enterprise Defender] “C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe” /s /d

RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Enterprise Defender”=C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe [2009-10-09 2104832]

Description: main component of Windows Enterprise Defender. Windows Enterprise Defender is a rogue antispyware program.

How to remove: use these Windows Enterprise Defender removal instructions

TrustSoldier.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TrustSoldier
Filename: TrustSoldier.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustSoldier

Command: C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [TrustSoldier] C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TrustSoldier”=C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe [2009-10-10 785920]

Description: part of TrustSoldier. TrustSoldier is a rogue antispyware program.

How to remove: use these TrustSoldier removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: seres
Filename: seres.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | mserv

Command: %AppData%\seres.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [mserv] c:\documents and settings\username\Application Data\seres.exe

Description: trojan downloader, also known as trojan Win32/Renos, trojan Win32/FakeRean, trojan FakeAlert

How to remove: use HijackThis + use Malwarebytes` Anti-malware

restorer32_a.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: restorer32_a
Filename: restorer32_a.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a

Command: c:\windows\system32\restorer32_a.exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [restorer32_a] c:\documents and settings\username\restorer32_a.exe
O4 – HKLM\..\Run: [restorer32_a] c:\windows\system32\restorer32_a.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\documents and settings\username\restorer32_a.exe” [2009-09-29 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\windows\system32\restorer32_a.exe” [2009-09-29 40448]

Description: trojan that installed with Antivirus Pro 2010 (rogue antispyware)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

wscsvc32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wscsvc32
Filename: wscsvc32.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wscsvc32.exe

Command: C:\Program Files\Antivirus\wscsvc32.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [wscsvc32.exe] C:\Program Files\Antivirus\wscsvc32.exe

DDS Line:

uRun: [wscsvc32.exe] C:\Program Files\Antivirus\wscsvc32.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“wscsvc32.exe”=C:\Program Files\Antivirus\wscsvc32.exe

Description: trojan FakeAlert that is installed by Antivirus. Antivirus is a rogue antispyware program.

How to remove: use these Antivirus removal instructions.

Antivirus.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivirus
Filename: Antivirus.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus.exe

Command: C:\Program Files\Antivirus\Antivirus.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Antivirus.exe] C:\Program Files\Antivirus\Antivirus.exe

DDS Line:

uRun: [Antivirus.exe] C:\Program Files\Antivirus\Antivirus.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Antivirus.exe”=C:\Program Files\Antivirus\Antivirus.exe

Description: core part of Antivirus. Antivirus is a rogue antispyware program.

How to remove: use Antivirus removal instructions.

SafeFighter.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SafeFighter
Filename: SafeFighter.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SafeFighter

Command: command
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SafeFighter] C:\Program Files\SafeFighter Software\SafeFighter\SafeFighter.exe -min

RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SafeFighter”=C:\Program Files\SafeFighter Software\SafeFighter\SafeFighter.exe [2009-10-08 831488]

Description: part of SafeFighter. SafeFighter is a scareware that utilizes false scan results and fake security alerts as method to scare you into buying the software.

How to remove: use these SafeFighter removal instructions.

TrustCop.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: TrustCop
Filename: TrustCop.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustCop

Command: C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [TrustCop] C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TrustCop”=C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe [2009-10-06 786432]

Description: main file of TrustCop. TrustCop is a fake antispyware program.

Removal instructions: How to Remove TrustCop (Uninstall instructions).

SecureWarrior.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SecureWarrior
Filename: SecureWarrior.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureWarrior

Command: C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecureWarrior] C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SecureWarrior”=C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe [2009-10-02 830976]

Description: main component of SecureWarrior rogue antispyware software

How to remove: use these SecureWarrior removal instructins

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: homeav
Filename: homeav.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | HomeAV

Command: C:\Program Files\Home Personal Antivirus\homeav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [HomeAV] C:\Program Files\Home Personal Antivirus\homeav.exe

Description: component of Home Personal Antivirus (rogue antispyware program)

How to remove: use these Home Personal Antivirus removal instructions