Archive for the 'HijackThis' Category

psystem.exe is the main file of Protection System

Monday, June 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: psystem
Filename: psystem.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Protection System

Command: C:\Program Files\Protection System\psystem.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe

Description: main file of Protection System (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

wingenocx.dll is a trojan BHO

Monday, June 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wingenocx
Filename: wingenocx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

Command: C:\WINDOWS\system32\wingenocx.dll
CLSID: {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: BhoApp - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\wingenocx.dll

Description: trojan BHO that is installed with Protection System (rogue antispyware software)

How to remove: use Malwarebytes Antimalware

pp10.exe is a component of the koobface worm

Monday, June 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pp10
Filename: pp10.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: c:\windows\pp10.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe

Description: component of the koobface worm (spreads through social networking sites)

How to remove: use these koobface removal instructions

ld09.exe is the koobface worm

Monday, June 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ld09
Filename: ld09.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: c:\windows\ld09.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysldtray] c:\windows\ld09.exe

Description: koobface is a worm that spreads through social networking sites (Myspace and Facebook).

How to remove: use these koobface removal instructions

poswin.dll is a trojan FakeAlert

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: poswin
Filename: poswin.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F60777DA-D6A6-40F6-B665-6F361C1017B6}

Command: C:\WINDOWS\poswin.dll
CLSID: {F60777DA-D6A6-40F6-B665-6F361C1017B6}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: PLAsim plugin - {F60777DA-D6A6-40F6-B665-6F361C1017B6} - C:\WINDOWS\poswin.dll

Description: trojan FakeAlert

How to remove: use HijackThis + use Malwarebytes Antimalware

rs32net.exe is a TrojanDropper

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rs32net
Filename: rs32net.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | rs32net

Command: C:\WINDOWS\System32\rs32net.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

Combofix/RSIT Line:


Description: rs32net.exe is a TrojanDropper, also known as Mal/Pushdo-A [Sophos], Trojan.Pandex [Symantec], FakeAlert-AG.gen.c [McAfee].

How to remove: Use HijackThis

96857956.exe is a component of System Security

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 96857956
Filename: 96857956.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 16847964

Command: C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe

Description: component of System Security (rogue antispyware program)
Note: System Security uses random names to hide itself.

How to remove: use these System Security removal instructions.

WindOptimizer.exe is the main file of Wind Optimizer

Wednesday, June 10th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WindOptimizer
Filename: WindOptimizer.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Wind Optimizer

Command: C:\Program Files\Wind Optimizer\WindOptimizer.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Wind Optimizer] "C:\Program Files\Wind Optimizer\WindOptimizer.exe" /s

Description: main file of Wind Optimizer (rogue antispyware)

How to remove: use Malwarebytes Antimalware

xpdeluxe.exe is the main file of XP Deluxe Protector

Thursday, June 4th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: xpdeluxe
Filename: xpdeluxe.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | xpprotect

Command: %UserProfile%\XP Deluxe Protector\xpdeluxe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\lab\XP Deluxe Protector\xpdeluxe.exe

Description: main file of XP Deluxe Protector (rogue antispyware program)

How to remove: use these XP Deluxe Protector removal instructions

WinBlueSoft.exe – WinBlueSoft rogue antispyware

Wednesday, June 3rd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WinBlueSoft
Filename: WinBlueSoft.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WinBlueSoft

Command: C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min

Description: WinBlueSoft.exe is the main component of the WinBlueSoft rogue antispyware program

How to remove: use these WinBlueSoft removal instructions