Archive for the 'Rogue Antispyware/Antivirus' Category
Monday, June 15th, 2009
This is a harmful program.
Name: wingenocx
Filename: wingenocx.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Command: C:\WINDOWS\system32\wingenocx.dll
CLSID: {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: BhoApp - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\wingenocx.dll
Description: trojan BHO that is installed with Protection System (rogue antispyware software)
How to remove: use Malwarebytes Antimalware
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Friday, June 12th, 2009
This is a harmful program.
Name: 96857956
Filename: 96857956.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 16847964
Command: C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Description: component of System Security (rogue antispyware program)
Note: System Security uses random names to hide itself.
How to remove: use these System Security removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run
Wednesday, June 10th, 2009
This is a harmful program.
Name: WindOptimizer
Filename: WindOptimizer.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Wind Optimizer
Command: C:\Program Files\Wind Optimizer\WindOptimizer.exe
Startup Type: HKCU
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Wind Optimizer] "C:\Program Files\Wind Optimizer\WindOptimizer.exe" /s
Description: main file of Wind Optimizer (rogue antispyware)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Thursday, June 4th, 2009
This is a harmful program.
Name: xpdeluxe
Filename: xpdeluxe.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | xpprotect
Command: %UserProfile%\XP Deluxe Protector\xpdeluxe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\lab\XP Deluxe Protector\xpdeluxe.exe
Description: main file of XP Deluxe Protector (rogue antispyware program)
How to remove: use these XP Deluxe Protector removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Wednesday, June 3rd, 2009
This is a harmful program.
Name: WinBlueSoft
Filename: WinBlueSoft.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WinBlueSoft
Command: C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
Description: WinBlueSoft.exe is a main component of WinBlueSoft rogue antispyware program
How to remove: use these WinBlueSoft removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, June 2nd, 2009
This is a harmful program.
Name: windef
Filename: windef.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinDefender2009
Command: c:\Program Files\WinDefender\windef.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WinDefender2009] c:\Program Files\WinDefender\windef.exe
Description: windef.exe is a main file of WinDefender2009 (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Sunday, May 24th, 2009
This is a harmful program.
Name: FastAV
Filename: FastAV.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Fast Antivirus 2009
Command: C:\Documents and Settings\All Users\Application Data\d0aef09\FastAV.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Fast Antivirus 2009] "C:\Documents and Settings\All Users\Application Data\d0aef09\FastAV.exe" /s /d
Description: main file of Fast Antivirus 2009 (rogue antispyware program)
How to remove: use the instructions How to remove Fast Antivirus 2009
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, May 18th, 2009
This is a harmful program.
Name: AV
Filename: AV.EXE
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Secure AntiVirus Pro
Command: C:\WINDOWS\AV.EXE
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Secure AntiVirus Pro] C:\WINDOWS\AV.EXE
Description: main file of Secure Antivirus Pro (rogue antispyware program)
How to remove: use the Secure Antivirus Pro removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, May 8th, 2009
This is a harmful program.
Name: MCatcher
Filename: MCatcher.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Catcher 2009
Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MCatcher.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Malware Catcher 2009] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\MCatcher.exe" /s /d
Description: main file of Malware Catcher 2009 (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Thursday, May 7th, 2009
This is a harmful program.
Name: pav
Filename: pav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Command: c:\program files\pav\pav.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
Description: main file of Personal Antivirus (rogue antispyware program)
How to remove: use these instructions How to remove Personal Antivirus
Posted in BHO, O4, Rogue Antispyware/Antivirus