Archive for the 'Startup Type' Category

What is alggui.exe, How to remove alggui.exe

Wednesday, February 3rd, 2010

alggui.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: alggui
Filename: alggui.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

Command: C:\Program Files\alggui.exe
Startup Type: File associations
DDS/Combofix/RSIT Line:

.exe – open – C:\Program Files\alggui.exe "%1" %*

Description: component of Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

What is adc32.dll, How to remove adc32.dll

Wednesday, February 3rd, 2010

adc32.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: adc32
Filename: adc32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}

Command: C:\Program Files\adc32.dll
CLSID: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: ICQSys (ADC PlugIn) – {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

DDS Line:

BHO: ADC PlugIn: {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} – C:\Program Files\adc32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}]
ADC PlugIn – C:\Program Files\adc32.dll [2010-02-04 958464]

Description: malicious BHO add-on for Internet Explorer that is installed by Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

What is GuardWWW.exe, How to remove GuardWWW.exe

Wednesday, February 3rd, 2010

GuardWWW.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GuardWWW
Filename: GuardWWW.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardWWW

Command: C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min

DDS Line:

uRun: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardWWW"=C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Description: core component of GuardWWW. GuardWWW is a rogue antispyware program.

How to remove: use these GuardWWW removal instructions.

Antivirus Soft – [random]sysguard.exe

Saturday, January 30th, 2010

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]

Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 – HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

DDS Line:

mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Description: core part of Antivirus Soft. Antivirus Soft is a rogue antispyware program.

How to remove: use these Antivirus Soft removal instructions.

What is extrac64_cab.exe, How to remove extrac64_cab.exe

Saturday, January 30th, 2010

extrac64_cab.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: extrac64_cab
Filename: extrac64_cab.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | extrac64_cab.exe

Command: %UserProfile%\temp\extrac64_cab.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\user\LOCALS~1\Temp\extrac64_cab.exe

DDS Line:

uRun: [extrac64_cab.exe] c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"extrac64_cab.exe"=c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Description: new variant of the cls_pack.exe trojan. It is also known as HeurEngine.MaliciousPacker [PCTools], Packed.Generic.277 [Symantec], Trojan-Downloader.Win32.FraudLoad.wxry [Kaspersky Lab], Mal/Generic-A [Sophos], Trojan-Downloader.Win32.FraudLoad [Ikarus]

How to remove: use these extrac64_cab.exe removal instructions.

What is MyPcSecure.exe, How to remove MyPcSecure.exe

Saturday, January 30th, 2010

MyPcSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure

Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

DDS Line:

uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyPcSecure"=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.

How to remove: use these MyPcSecure removal instructions.

What is 0021.DLL, How to remove 0021.DLL

Friday, January 29th, 2010

0021.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0021
Filename: 0021.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0021.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0021.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

What is 0020.DLL, How to remove 0020.DLL

Friday, January 29th, 2010

0020.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0020
Filename: 0020.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0020.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0020.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

What is 0019.DLL, How to remove 0019.DLL

Friday, January 29th, 2010

0019.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0019
Filename: 0019.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\0019.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 – AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0019.DLL"

Description: trojan agent

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

Antivir 2010 – Antivir.exe

Friday, January 29th, 2010

Antivir.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV"=C:\Program Files\AV\Antivir.exe

Description: core component of Antivir 2010. Antivir 2010 is a rogue antispyware program.

How to remove: use these Antivir 2010 removal instructions.