Archive for the 'Winlogon\TaskMan' Category

What is winssled.exe, How to remove winssled.exe

Thursday, December 3rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winssled
Filename: winssled.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | shccde

Command: C:\Windows\winssled.exe
Startup Type: HKCU->Run, Winlogon\TaskMan
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [shccde] C:\Windows\winssled.exe

DDS Line:

uRun: [shccde] C:\Windows\winssled.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“shccde”=C:\Windows\winssled.exe

Description: a trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Trojan:Win32/Lethic.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool