Archive for the 'RunOnce' Category

What is upd_debug.exe, How to remove upd_debug.exe

Sunday, July 25th, 2010

upd_debug.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: upd_debug
Filename: upd_debug.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | *upd_debug.exe

Command: %AppData%\{RANDOM}\upd_debug.exe
Startup Type: HKLM->RunOnce
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\RunOnce: [*upd_debug.exe] “C:\Documents and Settings\user\Application Data\5E61DD380A45D30866E01CB0F8ECDE89\upd_debug.exe”

DDS Line:

mRunOnce: [*upd_debug.exe] “C:\Documents and Settings\user\Application Data\5E61DD380A45D30866E01CB0F8ECDE89\upd_debug.exe”

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“*upd_debug.exe”=C:\Documents and Settings\user\Application Data\5E61DD380A45D30866E01CB0F8ECDE89\upd_debug.exe

Description: core component of Antimalware Doctor (rogue antispyware)

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is livemessenger.exe, How to remove livemessenger.exe

Saturday, January 23rd, 2010

livemessenger.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: livemessenger
Filename: livemessenger.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx | Microsoft Update

Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Update] livemessenger.exe

DDS Line:

mRun: [Microsoft Update] livemessenger.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Update”=livemessenger.exe

Description: Backdoor.Win32.Rbot.bll [Kaspersky Lab], W32.IRCBot [Symantec], W32/Sdbot.worm.gen.t [McAfee]

How to remove: use HijackThis + Kaspersky virus removal tool

rkgnd.exe is component of ANG AntiVirus 09

Sunday, March 1st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rkgnd
Filename: rkgnd.exe
Command: C:\Program Files\Common Files\System\mgnc\rkgnd.exe
Startup Type:HKLM->RunOnce
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\RunOnce: [39173992539183281] C:\Program Files\Common Files\System\mgnc\rkgnd.exe

Description: component of ANG AntiVirus 09

How to remove: use these instructions How to remove ANG AntiVirus 09 or use HijackThis