Archive for the 'Startup Type' Category
Monday, April 27th, 2009
This is a harmful program.
Name: Malware Doctor
Filename: Malware Doctor.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Alcmtr
Command: C:\Program Files\Malware Doctor\Malware Doctor.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Alcmtr] C:\Program Files\Malware Doctor\Malware Doctor.exe
Description: main file of Malware Doctor (rogue antispyware program)
How to remove: use the instructions How to remove MalwareDoc or Malware Doctor (Delete instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Sunday, April 26th, 2009
This is a harmful program.
Name: UACd
Filename: UACd.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_UACd.sys
Startup Type: hidden driver
Description: trojan that uses rootkit-specific techniques designed to hide itself.
How to remove: use the instruction How to remove windowsclick.com redirect [UACd.sys trojan]
Posted in Driver, Rootkit, Trojan
Sunday, April 26th, 2009
This is a harmful program.
Name: gaopdxserv
Filename: gaopdxserv.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gaopdxserv.sys
Startup Type: hidden driver
Description: variant of the TDSSserv trojan (uses rootkit-specific techniques designed to hide the software's presence in the system)
How to remove: use the instruction How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]
Posted in Driver, Rootkit, Trojan
Saturday, April 25th, 2009
This is a harmful program.
Name: winav
Filename: winav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysav
Command: %UserProfile%\Application Data\winav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [sysav] %UserProfile%\Application Data\winav.exe
Description: main file of WinPC Antivirus (rogue antispyware)
How to remove: use the instruction How to remove WinPC Antivirus (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, April 25th, 2009
This is a harmful program.
Name: lsascs
Filename: lsascs.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | System Protector
Command: %UserProfile%\Application Data\lsascs.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [System Protector] %UserProfile%\Application Data\lsascs.exe
Description: component of System Protector
How to remove: use the instructions How to remove System Protector (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, April 25th, 2009
This is a harmful program.
Name: winsource
Filename: winsource.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Command: C:\WINDOWS\system32\winsource.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winsource.dll
Description: trojan.bho, installed with Total Security
How to remove: use the instruction How to remove Total Security (Uninstall instructions)
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Saturday, April 25th, 2009
This is a harmful program.
Name: tsc
Filename: tsc.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | random_name
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TS
Command:
C:\Program Files\TSC\tsc.exe
C:\Program Files\TS\tsc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [12840894984709702141078366734454] C:\Program Files\TSC\tsc.exe
O4 - HKCU\..\Run: [TS] C:\Program Files\TS\tsc.exe
Description: main file of Total Security (rogue antispyware program)
How to remove: use the instructions How to remove Total Security (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, April 25th, 2009
This is a harmful program.
Name: pas
Filename: pas.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | P Antispyware 09
Command: C:\Program Files\P Antispyware 09\pas.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [P Antispyware 09] C:\Program Files\P Antispyware 09\pas.exe /autorun
Description: main file of PAntispyware09 (rogue antispyware program)
How to remove: use the instructions How to remove PAntispyware09 or P Antispyware 09 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, April 25th, 2009
This is a harmful program.
Name: sysshield
Filename: sysshield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: c:\windows\system32\sysshield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows applications server] c:\windows\system32\sysshield.exe
Description: trojan, component of Antivirus09 (rogue antispyware software)
How to remove: use the instruction How to remove Antivirus’09 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, April 25th, 2009
This is a harmful program.
Name: ExtraAV
Filename: ExtraAV.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Extra Antivirus
Startup Type: HKCU->Run
HijackThis Category: O4
Description: main file of Extra Antivirus (rogue antispyware program)
How to remove: use the instructions How to uninstall Extra Antivirus (Removal instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run