Archive for the 'Startup Type' Category

« Previous Entries
Next Entries »

What is sysclpro.exe, How to remove sysclpro.exe

Tuesday, December 29th, 2009

sysclpro.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysclpro
Filename: sysclpro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SystemCleanerPRO

Command: C:\Program Files\SystemCleanerPRO\sysclpro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SystemCleanerPRO] “C:\Program Files\SystemCleanerPRO\sysclpro.exe” /autorun

DDS Line:

uRun: [SystemCleanerPRO] C:\Program Files\SystemCleanerPRO\sysclpro.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SystemCleanerPRO”=C:\Program Files\SystemCleanerPRO\sysclpro.exe [2009-04-01 931840]

Description: core component of SystemCleanerPRO. SystemCleanerPRO is a rogue antispyware program.

How to remove: use these SystemCleanerPRO removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is restore.exe, How to remove restore.exe

Tuesday, December 29th, 2009

restore.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: restore
Filename: restore.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Restore

Command: C:\Documents and Settings\All Users\Application Data\F\restore.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe

DDS Line:

uRun: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Restore”=C:\Documents and Settings\All Users\Application Data\F\restore.exe [2009-12-29 22528]

Description: core components of Antispyware Shield Pro. Antispyware Shield Pro is a rogue antispyware program.

How to remove: use these Antispyware Shield Pro removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is wivrs.exe, How to remove wivrs.exe

Sunday, December 27th, 2009

wivrs.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wivrs
Filename: wivrs.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}

Command: c:\windows\system32\wivrs.exe
CLSID: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5} – c:\windows\system32\wivrs.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}]
c:\windows\system32\wivrs.exe

Description: trojan

How to remove: use Windows registry editor (regedit) + Malwarebytes` Anti-malware

Posted in Microsoft active setup, Trojan | No Comments »

What is Total PC Defender.exe, How to remove Total PC Defender.exe

Sunday, December 27th, 2009

Total PC Defender.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Total PC Defender
Filename: Total PC Defender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Total PC Defender

Command: C:\Program Files\Total PC Defender\Total PC Defender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe

DDS Line:

mRun: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Total PC Defender”=C:\Program Files\Total PC Defender\Total PC Defender.exe [2009-12-27 1247744]

Description: core component of Total PC Defender. Total PC Defender is a rogue antispyware program.

How to remove: use these Total PC Defender removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is pp14.exe, How to remove pp14.exe

Saturday, December 26th, 2009

pp14.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pp14
Filename: pp14.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: C:\Windows\pp14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [pp] C:\Windows\pp14.exe

DDS Line:

mRun: [pp] C:\Windows\pp14.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“pp”=C:\Windows\pp14.exe

Description: component of Koobface worm

How to remove: use these Koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is APCProtect.exe, How to remove APCProtect.exe

Thursday, December 24th, 2009

APCProtect.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APCProtect
Filename: APCProtect.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | APCProtect.exe

Command: C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

DDS Line:

uRun: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“APCProtect.exe”=C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe [2009-12-25 1798144]

Description: core component of APCProtect. APCProtect is a rogue antispyware program.

How to remove: use these APCProtect removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is H8SRT.sys, How to remove H8SRT.sys

Thursday, December 24th, 2009

H8SRT.sys is a harmful driver.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Driver name: H8SRT.sys
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys

Command: C:\WINDOWS\system32\drivers\H8SRT[random].sys
Startup Type: Driver
Description: trojan-rootkit also known as Rootkit.TDSS.

How to remove: use these H8SRT trojan removal instructions.

Posted in Driver, Rootkit, Trojan | No Comments »

What is Security Central.exe, How to remove Security Central.exe

Wednesday, December 23rd, 2009

Security Central.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Security Central
Filename: Security Central.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Security Central

Command: C:\Program Files\Security Central\Security Central.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Security Central] C:\Program Files\Security Central\Security Central.exe

DDS Line:

mRun: [Security Central] C:\Program Files\Security Central\Security Central.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Security Central”=C:\Program Files\Security Central\Security Central.exe

Description: core component of Security Central. Security Central is a rogue antispyware program.

How to remove: use these Security Central removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is Avg.exe, How to remove Avg.exe

Wednesday, December 23rd, 2009

Avg.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Avg
Filename: Avg.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Avg.exe

Command: C:\windows\Avg.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Avg.exe] C:\windows\Avg.exe

DDS Line:

uRun: [Avg.exe] C:\windows\Avg.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Avg.exe”=C:\windows\Avg.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.etk [Kaspersky Lab], Trojan-Banker.Win32.Banker [Ikarus], TrojanSpy:Win32/Bancos.gen!C [Microsoft], Mal/DelpBanc-A, Mal/Banspy-F, Mal/Banspy-I [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Run, Trojan | 2 Comments »

What is ldfrmmd.exe, How to remove ldfrmmd.exe

Wednesday, December 23rd, 2009

ldfrmmd.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ldfrmmd
Filename: ldfrmmd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cximddl

Command: C:\WINDOWS\system32\ldfrmmd.exe
Startup Type: HKCU->run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

DDS Line:

uRun: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cximddl”=C:\WINDOWS\system32\ldfrmmd.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Run, Trojan | No Comments »

« Previous Entries
Next Entries »