Archive for the 'HijackThis' Category
Tuesday, August 25th, 2009
This is a harmful program.
Name: brey1eza
Filename: brey1eza.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | brey1eza.exe
Command: %UserProfile%\LOCALS~1\Temp\brey1eza.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [brey1eza.exe] C:\DOCUME~1\PEDROA~1\LOCALS~1\Temp\brey1eza.exe
Description: trojan that is installed with SaveSoldier (rogue antispyware program)
How to remove: use these SaveSoldier removal instructions.
Sunday, August 16th, 2009
This is a harmful program.
Name: cru629
Filename: cru629.dat
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: cru629.dat
Description: component of braviax trojan
How to remove: use these braviax trojan removal instructions.
Sunday, August 16th, 2009
This is a harmful program.
Name: braviax
Filename: braviax.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | braviax
Command: C:\WINDOWS\system32\braviax.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
Description: component of trojan braviax that installs rogue antispyware programs.
How to remove: use these braviax removal instructions.
Saturday, August 15th, 2009
This is a harmful program.
Name: WiniShieldSvc
Filename: WiniShieldSvc.exe
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: WiniShield Security Service (WiniShieldSvc) - Unknown owner - C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Description: component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions
Saturday, August 15th, 2009
This is a harmful program.
Name: WiniShield
Filename: WiniShield.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WiniShield
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WiniShield] C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe -min
Description: main component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions
Monday, August 3rd, 2009
This is a harmful program.
Name: PC_Antispyware2010
Filename: PC_Antispyware2010.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PC Antispyware 2010
Command: C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
Description: main file of PC Antispyware 2010 (rogue antispyware program)
How to remove: use these PC Antispyware 2010 removal instructions.
Monday, July 27th, 2009
This is a harmful program.
Name: svchast
Filename: svchast.exe
Command: C:\WINDOWS\svchast.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
Combofix/RSIT Line:
S2 AntipPro2009_12;AntipyPro_12; C:\WINDOWS\svchast.exe
Description: component of Windows Antivirus Pro (fake antivirus program)
How to remove: use these Windows Antivirus Pro removal instructions.
Sunday, July 26th, 2009
This is a harmful program.
Name: AVCare
Filename: AVCare.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV Care
Command: C:\Program Files\AV Care\AvCare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AV Care] C:\Program Files\AV Care\AvCare.exe
Description: main file of AVCare (rogue antispyware program)
How to remove: use Malwarebytes' Anti-Malware or use these AVCare removal instructions.
Thursday, July 23rd, 2009
This is a harmful program.
Name: kj32
Filename: kj32.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6458C00E-EF7F-4f06-9E06-49EA923386FD}
Command: C:\WINDOWS\System32\kj32.dll
CLSID: {6458C00E-EF7F-4f06-9E06-49EA923386FD}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: pl - {6458C00E-EF7F-4f06-9E06-49EA923386FD} - C:\WINDOWS\System32\kj32.dll
Description: trojan bho
How to remove: use HijackThis + use Malwarebytes' Anti-Malware
Thursday, July 23rd, 2009
This is a harmful program.
Name: _ex-68
Filename: _ex-68.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PromoReg
Command: C:\WINDOWS\Temp\_ex-68.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
Description: unknown trojan component that is installed with rogue antispyware programs
How to remove: use HijackThis + use Malwarebytes' Anti-Malware