Archive for the 'adware' Category

What is mmx.dll, How to remove mmx.dll

Monday, September 20th, 2010

mmx.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mmx
Filename: mmx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}

Command: %WinDir%\$NtUninstallMTF1011$\mmx.dll
CLSID: {0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]
brumaqpyxgrm Object – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll [2010-08-17 247296]

DDS Line:

BHO: brumaqpyxgrm Object : {0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629} – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]
brumaqpyxgrm Object – C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll

Description: variant of Win32/Adware.Lifze

How to remove: use HijackThis + Malwarebytes` Anti-malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EFC03F8-191D-4E6B-8E44-E3B6FEEA3629}]

:files
%WinDir%\$NtUninstallMTF1011$\mmx.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

AdSubscribe.dll is adware

Saturday, June 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AdSubscribe
Filename: AdSubscribe.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdSubscribe
HKEY_CLASSES_ROOT\CLSID\{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}

Command: shelliconoverlayidentifiers
CLSID: clsid
Startup Type:
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AdSubscribe]
@=”{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}”
[HKEY_CLASSES_ROOT\CLSID\{82C885EE-6B87-4D51-9EF4-0CFE9FADA900}]
2009-06-23 21:11 750080 —-a-w- c:\documents and settings\user\Application Data\AdSubscribe\AdSubscribe.dll
2009-06-23 21:11 . 2009-06-23 21:11 ——– d—–w- c:\documents and settings\user\Application Data\AdSubscribe
2009-06-23 21:11 . 2009-06-23 21:11 807424 —-a-w- c:\documents and settings\user\Application Data\AdSubscribe\Uninstall.exe
2009-06-23 21:11 . 2009-06-23 21:11 750080 —-a-w- c:\documents and settings\user\Application Data\AdSubscribe\AdSubscribe.dll

Description: adware also known as AdWare.FearAds, Trojan-Downloader.Win32.Adload.fib, Worm.Win32.Malware.gen

How to remove: ask help at Spyware removal forum.

wcs.exe a variant of the Adware/Netproject malware

Saturday, February 14th, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wcs
Filename: wcs.exe
Command: %programfiles%\Applications\wcs.exe
Startup Type: HKLM->Policies\Explorer\Run:
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe

Description: variant of the Adware/Netproject malware

How to remove: Use HijackThis.