Archive for the 'Startup Type' Category
Friday, October 23rd, 2009
This is a harmful program.
Name: rise
Filename: rise.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}
Command: F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
CLSID: {b8396306-163b-11de-acda-001a4df2dae2}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8396306-163b-11de-acda-001a4df2dae2}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\rise.exe
Description: a trojan that uses an autorun.inf file to spread itself
How to remove: use these autorun.inf trojan removal instructions, then manually remove rise.exe
Friday, October 23rd, 2009
IAPro.exe is a harmful program.
Name: IAPro
Filename: IAPro.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Antivirus Pro
Command: command
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Internet Antivirus Pro] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Antivirus Pro"=c:\program files\Internet Antivirus Pro\IAPro.exe [2009-10-20 1567744]
Description: part of Internet Antivirus Pro. Internet Antivirus Pro is a rogue antispyware program.
How to remove: use these Internet Antivirus Pro removal instructions
Wednesday, October 21st, 2009
SoftVeteran.exe is a harmful program.
Name: SoftVeteran
Filename: SoftVeteran.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftVeteran
Command: C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SoftVeteran] C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftVeteran"=C:\Program Files\SoftVeteran Software\SoftVeteran\SoftVeteran.exe [2009-10-22 830976]
Description: component of SoftVeteran. SoftVeteran is a rogue antispyware program.
How to remove: use these SoftVeteran removal instructions
Tuesday, October 20th, 2009
This is a harmful program.
Name: svcst
Filename: svcst.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | svchost
Command: C:\Documents and Settings\user\Application Data\svcst.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Application Data\svcst.exe
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svchost"=C:\Documents and Settings\user\Application Data\svcst.exe [2009-09-30 264192]
Description: component of trojan FakeAlert that installs rogue antispyware programs
How to remove: use Malwarebytes' Anti-Malware
Saturday, October 17th, 2009
SoftCop.exe is a harmful program.
Name: SoftCop
Filename: SoftCop.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftCop
Command: C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SoftCop] C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftCop"=C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe [2009-10-17 830976]
Description: part of SoftCop. SoftCop is a rogue antispyware program.
How to remove: use these SoftCop removal instructions
Thursday, October 15th, 2009
pcscout.exe is a harmful program.
Name: pcscout
Filename: pcscout.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PC Scout
Command: C:\Program Files\PC Scout\pcscout.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [PC Scout] "C:\Program Files\PC Scout\pcscout.exe" -noscan
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Scout"=C:\Program Files\PC Scout\pcscout.exe [2009-10-16 6025216]
Description: component of PC Scout. PC Scout is a rogue antispyware program.
How to remove: use these PC Scout removal instructions
Thursday, October 15th, 2009
SoftSoldier.exe is a harmful program.
Name: SoftSoldier
Filename: SoftSoldier.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftSoldier
Command: C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SoftSoldier] C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe -min
Description: main file of SoftSoldier. SoftSoldier is a rogue antispyware program.
How to remove: use these SoftSoldier removal instructions
Wednesday, October 14th, 2009
asecurity.exe is a harmful program.
Name: asecurity
Filename: asecurity.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Active Security
Command: C:\Program Files\Active Security\asecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Active Security] "C:\Program Files\Active Security\asecurity.exe" -noscan
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Active Security"=C:\Program Files\Active Security\asecurity.exe -noscan
Description: part of Active Security. Active Security is a rogue antispyware program.
How to remove: use these Active Security removal instructions
Tuesday, October 13th, 2009
TrustFighter.exe is a harmful program.
Name: TrustFighter
Filename: TrustFighter.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustFighter
Command: C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [TrustFighter] C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrustFighter"=C:\Program Files\TrustFighter Software\TrustFighter\TrustFighter.exe
Description: main component of TrustFighter. TrustFighter is a rogue antispyware program.
How to remove: use these TrustFighter removal instructions
Saturday, October 10th, 2009
WindowsEDefender.exe is a harmful program.
Name: WindowsEDefender
Filename: WindowsEDefender.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Defender
Command: C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows Enterprise Defender] "C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe" /s /d
RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Enterprise Defender"=C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe [2009-10-09 2104832]
Description: main component of Windows Enterprise Defender. Windows Enterprise Defender is a rogue antispyware program.
How to remove: use these Windows Enterprise Defender removal instructions