Archive for the 'Startup Type' Category

Wizesearch.com (Info and Removal)

Saturday, August 20th, 2016

Wizesearch.com is a browser hijacker

wizesearch.com
If your browser is redirected to Wizesearch.com, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

What is rlvknlg64.exe ? How to remove rlvknlg64.exe ?

Wednesday, September 16th, 2015

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is rlvknlg32.exe ? How to remove rlvknlg32.exe ?

Wednesday, September 16th, 2015

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is winxn.exe, How to remove winxn.exe

Monday, December 5th, 2011

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is AntiVirus_System_2011 exe, How to remove AntiVirus_System_2011.exe

Thursday, January 6th, 2011

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus_System_2011
Filename: AntiVirus_System_2011.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus System 2011

Command: C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiVirus System 2011] “C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe” /STARTUP

DDS Line:

uRun: [AntiVirus System 2011] C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus System 2011″=C:\Documents and Settings\Username\Application Data\AntiVirus System 2011\AntiVirus_System_2011.exe

Description: core component of fake antivirus program named AntiVirus System 2011.

How to remove: use the AntiVirus System 2011 removal instructions.

What is palladium.exe, How to remove palladium.exe

Tuesday, January 4th, 2011

palladium.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: palladium
Filename: palladium.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | “Shell” = “%AppData%\palladium.exe”

Command: %AppData%\palladium.exe
Startup Type: HKCU->Winlogon->Shell
Description: core component of Palladium Pro. Palladium Pro is a fake security program (rogue antispyware).

How to remove: use the fake Palladium Pro removal instructions.

What is andy145.exe, How to remove andy145.exe

Thursday, December 9th, 2010

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“xuri49tkd”=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

What is cryptnet32.dll, How to remove cryptnet32.dll

Thursday, December 9th, 2010

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cryptnet32
Filename: cryptnet32.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32

Command: C:\WINDOWS\SYSTEM32\cryptnet32.dll
Startup Type: Winlogon->Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: cryptnet32 – C:\WINDOWS\SYSTEM32\cryptnet32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32]
2010-12-08 17:31 48128 —-a-w- C:\WINDOWS\SYSTEM32\cryptnet32.dll

Description: Trojan:Win32/Lukicsel.H [Microsoft]

How to remove: use HijackThis + SUPERAntiSpyware

What is vz.exe, How to remove vz.exe

Monday, November 22nd, 2010

vz.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vz
Filename: vz.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Command: %Appdata%\vz.exe
Startup Type: File associations
Description: main executable file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All programs are rogue antispyware.

How to remove: use these vz.exe removal instructions.

What is pw.exe, How to remove pw.exe

Thursday, November 18th, 2010

pw.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pw
Filename: pw.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Command: %Appdata%\pw.exe
Startup Type: File associations
Description: main file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All programs are rogue antispyware.

How to remove: use these pw.exe removal instructions.