Archive for the 'Startup Type' Category
Thursday, November 5th, 2009
This is a harmful program.
Name: mstdl
Filename: mstdl.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wsc
Command: C:\Program Files\msca\mstdl.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [wsc] C:\Program Files\msca\mstdl.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsc"=C:\Program Files\msca\mstdl.exe
Description: component of MaCatte Antivirus 2009. MaCatte Antivirus 2009 is a rogue antispyware program.
How to remove: use these MaCatte Antivirus 2009 removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run
Wednesday, November 4th, 2009
BlockProtector.exe is a harmful program.
Name: BlockProtector
Filename: BlockProtector.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BlockProtector.exe
Command: C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [BlockProtector.exe] C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockProtector.exe"=C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe [2009-11-05 772608]
Description: core component of BlockProtector. BlockProtector is a rogue antispyware program.
How to remove: use these BlockProtector removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run
Wednesday, November 4th, 2009
logon.exe is a harmful program.
Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
Description: trojan that installed with a rogue antispyware program
How to remove: use HijackThis + Malwarebytes' Anti-malware
Posted in F2, system.ini, Trojan
Wednesday, November 4th, 2009
This is a harmful program.
Name: sysnet
Filename: sysnet.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet
Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 - SSODL: SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
Description: trojan agent that installed with a rogue antispyware program
How to remove: use HijackThis + Malwarebytes' Anti-malware
Posted in O21, ShellServiceObjectDelayLoad, Trojan
Wednesday, November 4th, 2009
csrss1.dll is a harmful program.
Name: csrss1
Filename: csrss1.dll
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss
Command: c:\windows\system32\csrss1.dll
Startup Type: Winlogon Notify
HijackThis Category: O20
HijackThis Line:
O20 - Winlogon Notify: Csrss - c:\windows\system32\csrss1.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss]
2009-10-20 17:31 139264 ----a-w- c:\windows\system32\csrss1.dll
Description: unknown trojan
How to remove: use HijackThis + Malwarebytes' Anti-malware
Posted in O20, Trojan, Winlogon\Notify
Tuesday, November 3rd, 2009
BlockKeeper.exe is a harmful program.
Name: BlockKeeper
Filename: BlockKeeper.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockKeeper
Command: C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [BlockKeeper] C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockKeeper"=C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe [2009-11-03 830976]
Description: part of BlockKeeper. BlockKeeper is a rogue antispyware program.
How to remove: use these BlockKeeper removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, October 31st, 2009
BlockScanner.exe is a harmful program.
Name: BlockScanner
Filename: BlockScanner.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockScanner
Command: C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [BlockScanner] C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockScanner"=C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe [2009-10-31 830976]
Description: part of BlockScanner. BlockScanner is a rogue antispyware program.
How to remove: use these BlockScanner removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, October 31st, 2009
This is a harmful program.
Name: WEb691
Filename: WEb691.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Suite
Command: C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows Enterprise Suite] "C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe" /s /d
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Enterprise Suite"=C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe [2009-10-30 1897472]
Description: part of Windows Enterprise Suite. Windows Enterprise Suite is a rogue antispyware program.
How to remove: use these Windows Enterprise Suite removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, October 31st, 2009
BlockWatcher.exe is a harmful program.
Name: BlockWatcher
Filename: BlockWatcher.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockWatcher
Command: C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [BlockWatcher] C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockWatcher"=C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe [2009-10-28 786944]
Description: part of BlockWatcher. BlockWatcher is a rogue antispyware program.
How to remove: use these BlockWatcher removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Wednesday, October 28th, 2009
siglsp.dll is a harmful program.
Name: siglsp
Filename: siglsp.dll
Command: c:\program files\desktop defender 2010\siglsp.dll
Startup Type: Winsock LSP
HijackThis Category: O10
HijackThis Line:
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
Description: a component of Desktop Defender 2010 (rogue antispyware program)
How to remove: use these Desktop Defender 2010 removal instructions
Posted in LSP, O10, Rogue Antispyware/Antivirus