Archive for the 'Startup Type' Category

« Previous Entries

What is AWM.exe, How to remove AWM.exe

Thursday, September 2nd, 2010

AWM.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AWM
Filename: AWM.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | awm

Command: %AppData%\AWM\AWM.exe
Startup Type:
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [awm] C:\Documents and Settings\username\Application Data\AWM\AWM.exe

DDS Line:

uRun: [awm] C:\Documents and Settings\username\Application Data\AWM\AWM.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“awm”=C:\Documents and Settings\username\Application Data\AWM\AWM.exe

Description: core component of AWM Antivirus

How to remove: use the AWM Antivirus removal guide or the steps below.

Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is mediafix70700en02.exe, How to remove mediafix70700en02.exe

Sunday, August 29th, 2010

mediafix70700en02.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mediafix70700en02
Filename: mediafix70700en02.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | mediafix70700en02.exe

Command: %AppData%\{RANDOM}\mediafix70700en02.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

DDS Line:

uRun: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“mediafix70700en02.exe”=C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use the Antimalware Doctor removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop.

2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\User\Application Data\CA196E3D0F2D18F19323483E318BCFD5\mediafix70700en02.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is Advanced Security Tool 2010, How to remove Advanced Security Tool 2010

Friday, August 27th, 2010

Advanced Security Tool 2010 is a malicious program.

remove It is a malware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: asectool.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AdvSecTool

Command: %UserProfile%\Application Data\asectool.exe
Startup Type: HKCU->Run
Description: rogue antivirus program

How to remove: use the Advanced Security Tool 2010 removal instructions

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is asectool.exe, How to remove asectool.exe

Friday, August 27th, 2010

asectool.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: asectool
Filename: asectool.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AdvSecTool

Command: %UserProfile%\Application Data\asectool.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AdvSecTool] “%UserProfile%\Application Data\asectool.exe”

DDS Line:

uRun: [AdvSecTool] %UserProfile%\Application Data\asectool.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AdvSecTool”=%UserProfile%\Application Data\asectool.exe

Description: core component of Advanced Security Tool 2010 (rogue antispyware)

How to remove: use the Advanced Security Tool 2010 removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is ntload.exe, How to remove ntload.exe

Friday, August 27th, 2010

ntload.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntload
Filename: ntload.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | rundll32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %Windir%\system32\ntload.exe
Startup Type: Winlogon->Shell, HKLM->Run
HijackThis Category: F2, O4
HijackThis Line:

F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Description: component of Advanced Security Tool 2010 (rogue antispyware)

How to remove: use the Advanced Security Tool 2010 removal guide or or the steps below.

1. Download HijackThis from here and save it to your desktop. Most important, in the Save dialog, rename HijackThis.exe to iexplore.exe !!!
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 – HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Posted in F2, O4, Run, Winlogon\Shell | No Comments »

What is AVDefender 2011, How to remove AVDefender 2011

Thursday, August 26th, 2010

AVDefender 2011 is a malicious program.

remove It is a malware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\{RANDOM}\{RANDOM}.exe”

Command: %AppData%\{RANDOM}\{RANDOM}.exe
Startup Type: Winlogon->Shell
Description: rogue antivirus program

How to remove: use the AVDefender 2011 removal instructions

Posted in Rogue Antispyware/Antivirus, Winlogon\Shell | No Comments »

What is antispy.exe, How to remove antispy.exe

Thursday, August 26th, 2010

antispy.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: antispy
Filename: antispy.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shel”

Command: %UserProfile%\Application Data\antispy.exe
Startup Type: HKCU->Winlogon->Shell
Description: core component of one of Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit, AntiSpySafeguard (rogue antivirus programs). It is installed by Microsoft Security Essentials Alert trojan.

How to remove: use the Microsoft Security Essentials Alert trojan removal instructions

Posted in Rogue Antispyware/Antivirus, Winlogon\Shell | No Comments »

What is defender.exe, How to remove defender.exe

Thursday, August 26th, 2010

defender.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: defender
Filename: defender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | tmp

Command: %AppData%\defender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

DDS Line:

uRun: [tmp] C:\Documents and Settings\comp\Application Data\defender.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“tmp”=C:\Documents and Settings\comp\Application Data\defender.exe

Description: core component of Microsoft Security Essentials Alert trojan

How to remove: use the fake Microsoft Security Essentials Alert removal instructions

Posted in O4, Run, Trojan | No Comments »

What is newsecureapp70700.exe, How to remove newsecureapp70700 .exe

Sunday, August 22nd, 2010

newsecureapp70700.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: newsecureapp70700
Filename: newsecureapp70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newsecureapp70700.exe

Command: %AppData%\{RANDOM}\newsecureapp70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

DDS Line:

uRun: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“newsecureapp70700.exe”=C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9C\newsecureapp70700.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use the Antimalware Doctor removal instructions or the steps below.

1. Download HijackThis from here and save it to your desktop.
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [newsecureapp70700.exe] C:\Documents and Settings\User\Application Data\{RANDOM}\newsecureapp70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is secureapp70700.exe, How to remove secureapp70700.exe

Thursday, August 12th, 2010

secureapp70700.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: secureapp70700
Filename: secureapp70700.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | secureapp70700.exe

Command: %AppData%\{RANDOM}\secureapp70700.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

DDS Line:

uRun: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“secureapp70700.exe”=C:\Documents and Settings\User\Application Data\788802FCB8E32AB6DD188F1B84357D9A\secureapp70700.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use the Antimalware Doctor removal instructions or the steps below.

1. Download HijackThis from here and save it to your desktop.
2. Run HijackThis. Main menu opens. Click to “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

O4 – HKCU\..\Run: [secureapp70700.exe] C:\Documents and Settings\User\Application Data\{RANDOM}\secureapp70700.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

« Previous Entries