HT Logs. Tips, FAQs, Analyze.

sshnas21.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas21
Filename: sshnas21.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | LosAlamos
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS

Command: C:\Windows\System32\sshnas21.dll
Startup Type: Service
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,DllWork

Combofix/RSIT Line:

S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe

Description: this is a new version of sshnas.dll trojan (trojan FakeAlert)

How to remove: use these sshnas.dll removal instructions.

winsts.sys is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winsts
Filename: winsts.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsts

Command: c:\windows\system32\winsts.sys
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: winsts (winsts) – – C:\WINDOWS\system32\winsts.sys

DDS/Combofix/RSIT Line:

S3 winsts;winsts;c:\windows\system32\winsts.sys

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool or ask for help in the Spyware removal forum.
How to remove: link

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ansid
Filename: ansid.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvcRDSessMgr

Command: c:\windows\SYSTEM32\ansid.exe
Startup Type: Service
HijackThis Category:
HijackThis Line:

O23 – Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) – – C:\WINDOWS\system32\ansid.exe srv

DDS/Combofix/RSIT Line:

R2 mnmsrvcRDSessMgr;NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr;c:\windows\SYSTEM32\ansid.exe srv

Description: virus also known as W32.Virut.CF [Symantec], Virus.Win32.Virut.ce [Kaspersky Lab], W32/Virut.n.gen [McAfee], W32/Scribble-B [Sophos], Virus:Win32/Virut.BM [Microsoft]

How to remove: use Kaspersky virus removal tool

svchust.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: svchust
Filename: svchust.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Net_Login

Command: c:\windows\svchust.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: Net_Login (Net_Login) – Sigma Designs In – C:\WINDOWS\svchust.exe

DDS/Combofix/RSIT Line:

R2 Net_Login;Net_Login;c:\windows\svchust.exe

Description: trojan also known as W32.Pinfi [Symantec], Virus.Win32.Parite.b [Kaspersky Lab], W32/Pate.b [McAfee], PE_PARITE.A [Trend Micro], W32/Parite-B [Sophos], Virus:Win32/Parite.B [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

BtwSrv is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: BtwSrv
Filename: BtwSrv.dll
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv

Startup Type: Service
Combofix/RSIT Line:

R4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost – NetSvcs
BtwSrv

Description: trojan agent

How to remove: use Malwarebytes` Anti-malware or use SUPERAntiSpyware

FastNetSrv.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: FastNetSrv
Filename: FastNetSrv.exe
Command: c:\windows\SYSTEM32\FastNetSrv.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: fastnetsrv Service (fastnetsrv) – Sigma Designs In – C:\WINDOWS\system32\FastNetSrv.exe

Combofix/RSIT Line:

R2 fastnetsrv;fastnetsrv Service;c:\windows\SYSTEM32\FastNetSrv.exe [8/4/2004 6:00 AM 93696]

Description: trojan agent

How to remove: use Malwarebytes` Anti-malware or use SUPERAntiSpyware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: QuickHealCleanerSvc
Filename: QuickHealCleanerSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\quickhealcleanersvc

Command: C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleanerSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: QuickHealCleaner Security Service (QuickHealCleanerSvc) – Unknown owner – C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleanerSvc.exe

Description: component of QuickHealCleaner (rogue antispyware software)

How to remove: use these QuickHealCleanerSvc.exe removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SystemCopSvc
Filename: SystemCopSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SystemCopSvc

Command: C:\Program Files\SystemCop Software\SystemCop\SystemCopSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: SystemCop Security Service (SystemCopSvc) – Unknown owner – C:\Program Files\SystemCop Software\SystemCop\SystemCopSvc.exe

Description: component of SystemCop (rogue antispyware program)

How to remove: use these SystemCop removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: svchasts
Filename: svchasts.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100

Command: C:\WINDOWS\svchasts.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: AntipPro2009_100 (AntipyProex) – Unknown owner – C:\WINDOWS\svchasts.exe

Combofix/RSIT Line:

R2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchasts.exe [2009-08-31 163840]

Description: component of Windows Police Pro (rogue antispyware program)

How to remove: use these Windows Police Pro removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockDefenseSvc
Filename: BlockDefenseSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blockdefensesvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blockdefensesvc

Command: C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: BlockDefense Security Service (BlockDefenseSvc) – Unknown owner – C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe

Description: component of BlockDefense (rogue antispyware program)

How to remove: use these BlockDefense removal instructions.