Archive for the 'Startup Type' Category

What is sysmon64x.exe, How to remove sysmon64x.exe

Wednesday, April 28th, 2010

sysmon64x.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysmon64x
Filename: sysmon64x.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sysmon64x.exe

Command: %Temp%\sysmon64x.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

DDS Line:

uRun: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sysmon64x.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

What is monxga32.exe, How to remove monxga32.exe

Saturday, April 24th, 2010

monxga32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: monxga32
Filename: monxga32.exe
Command: %UserProfile%\start menu\programs\startup\monxga32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: monxga32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\monxga32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
monxga32.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is forcedos64.exe, How to remove forcedos64.exe

Friday, April 23rd, 2010

forcedos64.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: forcedos64
Filename: forcedos64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | forcedos64.exe

Command: %Temp%\forcedos64.exe
Startup Type: HKCU_>Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [forcedos64.exe] C:\DOCUME~1\Gemma\LOCALS~1\Temp\forcedos64.exe

DDS Line:

uRun: [forcedos64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“forcedos64.exe”=C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

My Security Engine – MS515.exe – Removal info

Friday, April 23rd, 2010

My Security Engine is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MS{random}
Filename: MS{random}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Engine

Command: C:\Documents and Settings\All Users\Application Data\{random}\MS{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [My Security Engine] “C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe” /s /d

DDS Line:

uRun: [My Security Engine] C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“My Security Engine”=C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Description: core component of My Security Engine. My Security Engine is a rogue antispyware program.

How to remove: use these My Security Engine removal instructions.

What is newupdate1142C.exe, How to remove newupdate1142C.exe

Wednesday, April 21st, 2010

newupdate1142C.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: newupdate1142C
Filename: newupdate1142C.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142C.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142c .exe

Command:

C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
O4 – HKCU\..\Run: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

DDS Line:

uRun: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
uRun: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“newupdate1142C.exe”=C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe [2010-04-19 31232]
“newupdate1142c .exe”=c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe [2010-04-19 31232]

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is geurge.exe, How to remove geurge.exe

Wednesday, April 21st, 2010

geurge.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: geurge
Filename: geurge.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ewrgetuj

Command: %Temp%\geurge.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

DDS Line:

mRun: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ewrgetuj”=C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is hspe.uvo, How to remove hspe.uvo

Wednesday, April 21st, 2010

hspe.uvo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: hspe
Filename: hspe.uvo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe, rundll32.exe hspe.uvo bnjpid
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid

Description: component of a trojan that also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is app_dll.dll, How to remove app_dll.dll

Monday, April 19th, 2010

app_dll.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: app_dll
Filename: C:\Windows\System32\app_dll.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: command
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: app_dll.dll

DDS Line:

AppInit_DLLs: app_dll.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=”C:\WINDOWS\system32\app_dll.dll”

Description: a trojan that also known as Trojan.Win32.Vilsel.rqn [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is awxm.vho, How to remove awxm.vho

Monday, April 19th, 2010

awxm.vho is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awxm
Filename: awxm.vho
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe awxm.vho rlvgf
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf

Description: component of a trojan that also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is ngts.vao, How to remove ngts.vao

Friday, April 16th, 2010

ngts.vao is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ngts
Filename: ngts.vao
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe ngts.vao uvibls
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe ngts.vao uvibls

Description: component of a trojan that also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes` Anti-malware