Archive for the 'Startup Type' Category
Saturday, June 27th, 2009
This is a harmful program.
Name: sysmonnt
Filename: sysmonnt.exe
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysmonnt
Command: C:\WINDOWS\System32\sysmonnt
Startup Type: startupreg
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysmonnt]
C:\WINDOWS\System32\sysmonnt
Description: spyware component
Posted in startupreg
Saturday, June 27th, 2009
This is a harmful program.
Name: paumrt32
Filename: paumrt32.exe
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ho29RhH5e
Startup Type: startupreg
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ho29RhH5e]
paumrt32.exe
Description: Unknown trojan
Posted in startupreg, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: net
Filename: net.net
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | net
Command: C:\WINDOWS\system32\net.net
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"net"=C:\WINDOWS\system32\net.net
Description: unknown trojan, usually installed with rogue antispyware software
How to remove: use HijackThis
Posted in O4, Run, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: liser
Filename: liser.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kell
Command: c:\program Files\Manson\liser.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'Default user')
O4 - HKCU\..\Run: [kell] c:\program Files\Manson\liser.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kell"=c:\program Files\Manson\liser.exe
Description: trojan that is installed with rogue antivirus/antispyware apps.
How to remove: use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: liser
Filename: liser.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
Command: c:\progra~1\Manson\liser.dll
Startup Type: AppInit DLL
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\Manson\liser.dll"
Description: trojan agent [Malwarebytes Anti-malware]
How to remove: use Malwarebytes Antimalware
Posted in AppInit DLLs, O20, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: msncache
Startup Type: Service (svchost)
Combofix/RSIT Line:
R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
Description: Unknown trojan component
Posted in Service, SvcHost, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: sopidkc
Filename: sopidkc.exe
Command: C:\WINDOWS\system32\sopidkc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\WINDOWS\system32\sopidkc.exe
Combofix/RSIT Line:
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-18 124928]
Description: Virus, identified as Backdoor:Win32/Refpron.gen!C [Microsoft], Troj/Comsa-C [Sophos], New Win32 [McAfee], Packed.Win32.Koblu.b [Kaspersky Lab]
Posted in O23, Service, Virus
Friday, June 26th, 2009
This is a harmful program.
Name: SysShield
Filename: SysShield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: C:\WINDOWS\system32\SysShield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows applications server] C:\WINDOWS\system32\SysShield.exe
Description: component of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, June 26th, 2009
This is a harmful program.
Name: AVP
Filename: AVP.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Protection
Command: C:\Program Files\AntiVirus Protection\AVP.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [AntiVirus Protection] C:\Program Files\AntiVirus Protection\AVP.exe
Description: main file of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, June 22nd, 2009
This is a harmful program.
Name: MD[random]
Filename: MD[random].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Destructor 2009
Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Malware Destructor 2009] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe" /s /d
Description: main file of Malware Destructor 2009 (rogue antispyware program). Uses random file names to hide itself.
How to remove: use these Malware Destructor 2009 removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run