Archive for the 'Startup Type' Category

What is gotnewupdate.exe, How to remove gotnewupdate.exe

Wednesday, May 19th, 2010

gotnewupdate.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gotnewupdate
Filename: gotnewupdate.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | gotnewupdate.exe

Command: %AppData%\{RANDOM}\gotnewupdate.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [gotnewupdate.exe] C:\Documents and Settings\user\Application Data\601860124168C493D6893E2E5A73834D\gotnewupdate.exe

DDS Line:

uRun: [gotnewupdate.exe] C:\Documents and Settings\user\Application Data\601860124168C493D6893E2E5A73834D\gotnewupdate.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"gotnewupdate.exe"=C:\Documents and Settings\user\Application Data\601860124168C493D6893E2E5A73834D\gotnewupdate.exe

Description: component of Antimalware Doctor. Antimalware Doctor is a rogue (fake) antispyware program.

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is srnh.lto, How to remove srnh.lto

Wednesday, May 19th, 2010

srnh.lto is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: srnh
Filename: srnh.lto
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe srnh.lto iqfnr
CLSID: clsid
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe srnh.lto iqfnr

Description: component of Win32/Oficla trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is drwat32.exe, How to remove drwat32.exe

Wednesday, May 19th, 2010

drwat32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drwat32
Filename: drwat32.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Dr.Watson

Command: %WinDir%\system32\drwat32.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Policies\Explorer\Run: [Dr.Watson] C:\WINDOWS\system32\drwat32.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Dr.Watson"=C:\WINDOWS\system32\drwat32.exe

Description: malware

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is gotnewupdate000.exe, How to remove gotnewupdate000.exe

Tuesday, May 18th, 2010

gotnewupdate000.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gotnewupdate000
Filename: gotnewupdate000.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | gotnewupdate000.exe

Command: %APPDATA%\{RANDOM}\gotnewupdate000.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\user\Application Data\764706A6742683A633F32D25CA727117\gotnewupdate000.exe

DDS Line:

uRun: [gotnewupdate000.exe] C:\Documents and Settings\user\Application Data\764706A6742683A633F32D25CA727117\gotnewupdate000.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"gotnewupdate000.exe"=C:\Documents and Settings\user\Application Data\764706A6742683A633F32D25CA727117\gotnewupdate000.exe [2010-05-17 726528]

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use HijackThis + the Antimalware Doctor removal instructions.

What is LiveSS.exe, How to remove LiveSS.exe

Sunday, May 16th, 2010

LiveSS.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: LiveSS
Filename: LiveSS.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Live Security Suite

Command: C:\Program Files\Live Security Suite\LiveSS.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Live Security Suite] "C:\Program Files\Live Security Suite\LiveSS.exe" /s

DDS Line:

uRun: [Live Security Suite] C:\Program Files\Live Security Suite\LiveSS.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Live Security Suite"=C:\Program Files\Live Security Suite\LiveSS.exe

Description: core component of Live Security Suite. Live Security Suite is a rogue antispyware program.

How to remove: use these Live Security Suite removal instructions.

What is wwwzuc32.exe, How to remove wwwzuc32.exe

Thursday, May 13th, 2010

wwwzuc32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wwwzuc32
Filename: wwwzuc32.exe
Command: %UserProfile%\start menu\programs\startup\wwwzuc32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: wwwzuc32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\wwwzuc32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
wwwzuc32.exe

Description: trojan downloader

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is napstatxt.exe, How to remove napstatxt.exe

Tuesday, May 11th, 2010

napstatxt.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: napstatxt
Filename: napstatxt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | napstatxt.exe

Command: %Temp%\napstatxt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [napstatxt.exe] C:\DOCUME~1\user\LOCALS~1\Temp\napstatxt.exe

DDS Line:

uRun: [napstatxt.exe] C:\DOCUME~1\user\LOCALS~1\Temp\napstatxt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"napstatxt.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\napstatxt.exe

Description: FakeAlert trojan that is installed with Data Protection. Data Protection is a rogue antispyware program.

How to remove: use these Data Protection removal instructions.

What is datprot.exe, How to remove datprot.exe

Friday, May 7th, 2010

datprot.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: datprot
Filename: datprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Data Protection

Command: C:\Program Files\Data Protection\datprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Data Protection] "C:\Program Files\Data Protection\datprot.exe" -noscan

DDS Line:

uRun: [Data Protection] C:\Program Files\Data Protection\datprot.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Data Protection"=C:\Program Files\Data Protection\datprot.exe

Description: core component of Data Protection. Data Protection is a rogue antispyware program.

How to remove: use these Data Protection removal instructions.

What is A-fast.exe, How to remove A-fast.exe

Tuesday, May 4th, 2010

A-fast.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: A-fast
Filename: A-fast.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | fast

Command: C:\Program Files\A-fast\A-fast.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [fast] C:\Program Files\A-fast\A-fast.exe

DDS Line:

uRun: [fast] C:\Program Files\A-fast\A-fast.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fast"=C:\Program Files\A-fast\A-fast.exe

Description: core component of A-fast Antivirus. A-fast Antivirus is a rogue antispyware program.

How to remove: use these A-fast Antivirus removal instructions.

What is QZAIB7KITK, How to remove QZAIB7KITK

Thursday, April 29th, 2010

QZAIB7KITK is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: {random}
Filename: {random}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | QZAIB7KITK

Command: %Temp%\{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [QZAIB7KITK] C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

DDS Line:

uRun: [QZAIB7KITK] C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QZAIB7KITK"=C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

Description: a trojan that is also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Trojan-Downloader.Win32.Renos [Ikarus], Win-Trojan/Fakeav.164352.AL [AhnLab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware