Archive for the 'HijackThis' Category
Tuesday, June 2nd, 2009
This is a harmful program.
Name: windef
Filename: windef.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinDefender2009
Command: c:\Program Files\WinDefender\windef.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WinDefender2009] c:\Program Files\WinDefender\windef.exe
Description: windef.exe is the main file of WinDefender2009 (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Sunday, May 31st, 2009
This is a harmful program.
Name: WinCtrl32
Filename: WinCtrl32.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32
Startup Type: Winlogon->Notify
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32]
WinCtrl32.dll
Description: trojan downloader
How to remove: manually or use Malwarebytes Anti-malware
Posted in O20, Trojan, Winlogon\Notify
Sunday, May 31st, 2009
This is a harmful program.
Name: PrestoTuneUp
Filename: PrestoTuneUp.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Presto TuneUp
Command: C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Presto TuneUp] "C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe" /s /d
Description: Presto Tuneup is a scareware program that uses false system errors to trick you into buying the software.
How to remove: use Malwarebytes Antimalware
Posted in Malware, O4, Run
Sunday, May 24th, 2009
This is a harmful program.
Name: FastAV
Filename: FastAV.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Fast Antivirus 2009
Command: C:\Documents and Settings\All Users\Application Data\d0aef09\FastAV.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Fast Antivirus 2009] "C:\Documents and Settings\All Users\Application Data\d0aef09\FastAV.exe" /s /d
Description: main file of Fast Antivirus 2009 (rogue antispyware program)
How to remove: use the instructions How to remove Fast Antivirus 2009
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, May 18th, 2009
This is a harmful program.
Name: AV
Filename: AV.EXE
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Secure AntiVirus Pro
Command: C:\WINDOWS\AV.EXE
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Secure AntiVirus Pro] C:\WINDOWS\AV.EXE
Description: main file of Secure Antivirus Pro (rogue antispyware program)
How to remove: use the Secure Antivirus Pro removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, May 8th, 2009
This is a harmful program.
Name: MCatcher
Filename: MCatcher.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Catcher 2009
Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MCatcher.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Malware Catcher 2009] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\MCatcher.exe" /s /d
Description: main file of Malware Catcher 2009 (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Thursday, May 7th, 2009
This is a harmful program.
Name: pav
Filename: pav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Command: c:\program files\pav\pav.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
Description: main file of Personal Antivirus (rogue antispyware program)
How to remove: use these instructions How to remove Personal Antivirus
Posted in BHO, O4, Rogue Antispyware/Antivirus
Thursday, May 7th, 2009
This is a harmful program.
Name: winexplorer
Filename: winexplorer.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
Command: C:\WINDOWS\system32\winexplorer.dll
CLSID: {2e59498d-7e44-4452-9044-0973b080b9e8}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {2e59498d-7e44-4452-9044-0973b080b9e8} - C:\WINDOWS\system32\winexplorer.dll
Description: winexplorer.dll is a trojan BHO installed with Personal Antivirus (rogue antispyware program)
How to remove: use HijackThis + use Malwarebytes Antimalware
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Monday, May 4th, 2009
This is a harmful program.
Name: agent
Filename: agent.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | agent.exe
Command: C:\Program Files\PCenter\agent.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [agent.exe] C:\Program Files\PCenter\agent.exe
Description: component of Privacy Center (rogue privacy program)
How to remove: use the instructions How to remove Privacy Center
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, May 4th, 2009
This is a harmful program.
Name: spywareguard
Filename: spywareguard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | spywareguard
Command: c:\program files\spyware guard 2009\spywareguard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [spywareguard] c:\program files\spyware guard 2009\spywareguard.exe
Description: main file of Spyware Guard 2009 (rogue antispyware program)
How to remove: use these instructions How to remove Spyware Guard 2009
Posted in O4, Rogue Antispyware/Antivirus, Run