Archive for the 'autorun.inf' Category

What is cgaqyi.exe, How to remove cgaqyi.exe

Thursday, June 24th, 2010

cgaqyi.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cgaqyi
Filename: cgaqyi.exe
Command: c:\cgaqyi.exe
Startup Type: autorun.inf
Notes: a trojan that uses an autorun.inf file to run itself

How to remove: use the autorun.inf trojan removal instructions

What is 9fo3ar0j.exe, How to remove 9fo3ar0j.exe

Thursday, January 21st, 2010

9fo3ar0j.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 9fo3ar0j
Filename: 9fo3ar0j.exe
Command: c:\9fo3ar0j.exe
Startup Type: autorun.inf
Description: autorun.inf trojan also known as Mal/Generic-A [Sophos], PWS.Win32 [Ikarus], packed with ASPack [Kaspersky Lab]. The trojan is installed with herss.exe trojan.

How to remove: use these autorun.inf trojans removal instructions + run Kaspersky virus removal tool

What is pbudsara.exe, How to remove pbudsara.exe

Tuesday, December 1st, 2009

pbudsara.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pbudsara
Filename: pbudsara.exe
Command: c:\pbudsara.exe
Startup Type: autorun.inf
Description: a trojan that uses autorun.inf files to spread itself

How to remove: use these autorun.inf trojans removal instructions

What is herss.exe, How to remove herss.exe

Tuesday, December 1st, 2009

herss.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: herss
Filename: herss.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: %Temp%\herss.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cdoosoft] %Temp%\herss.exe

DDS Line:

uRun: [cdoosoft] %Temp%\herss.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=%Temp%\herss.exe

Description: trojan also known as Trojan-GameThief.Win32.Magania.cmla [Kaspersky Lab], Mal/Taterf-A [Sophos], Worm:Win32/Taterf.B [Microsoft], Trojan.Win32.Inhoo [Ikarus]

How to remove: use HijackThis + these autorun.inf trojans removal instructions.

What is rise.exe, How to remove rise.exe

Friday, October 23rd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rise
Filename: rise.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}

Command: F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
CLSID: {b8396306-163b-11de-acda-001a4df2dae2}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}]
shell\AutoRun\command – F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
shell\open\command – F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe

Description: a trojan that uses an autorun.inf file to spread itself

How to remove: use these autorun.inf trojans removal instructions, after that manually remove rise.exe

ise32.exe is an autorun.inf trojan

Sunday, September 20th, 2009

ise32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ise32
Filename: ise32.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}

Command: E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
CLSID: {dac57b3a-30d1-11dd-ad23-0008a1a9244d}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}]
shell\AutoRun\command – E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command – E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Description: autorun.inf trojan also known as Trojan-DDoS.Win32.Agent

How to remove: use these autorun.inf trojans removal instructions + use Kaspersky virus removal tool

jwgkvsq.vmx is a component of the Conficker worm

Sunday, July 26th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jwgkvsq
Filename: jwgkvsq.vmx
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}

Command: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
CLSID: {adaa1c54-332e-11de-bf44-001c25045ca7}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}]
shell\AutoRun\command – C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

Description: a component of the Conficker worm, also known as the Kido worm

How to remove: use these Conficker removal instructions

brzycg.exe is an autorun.inf trojan

Friday, June 12th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: brzycg
Filename: brzycg.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}

CLSID: {fd700ec2-fc05-11dd-b448-001fd00766ec}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}]
shell\AutoRun\command – brzycg.exe
shell\explore\command – brzycg.exe
shell\open\command – brzycg.exe

Description: an autorun.inf trojan

How to remove: read the article – How to remove trojans that uses autorun.inf file

uxdeiect.com is malware, autorun.inf trojan

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: uxdeiect
Filename: uxdeiect.com
CLSID: {8e508249-a76f-11dd-8359-001e4cf19625}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e508249-a76f-11dd-8359-001e4cf19625}]
shell\AutoRun\command – uxdeiect.com
shell\explore\command – uxdeiect.com
shell\open\command – uxdeiect.com

Description: malware (autorun.inf trojan)

How to remove: use the instructions How to remove trojans that uses autorun.inf file + manually remove the file.

printer.exe is malware, autorun.inf trojan

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: printer
Filename: printer.exe
CLSID: {86d2e059-9871-11dd-94d9-001e4cf19625}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d2e059-9871-11dd-94d9-001e4cf19625}]
shell\Auto\command – F:\printer.exe
shell\AutoRun\command – C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\printer.exe

Description: malware (autorun.inf trojan)

How to remove: use the instructions How to remove trojans that uses autorun.inf file + manually remove the file.