HT Logs. Tips, FAQs, Analyze. » Virus

What is ansid.exe, How to remove ansid.exe

admin — Sun, 13 Dec 2009 08:20:55 +0000

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ansid
Filename: ansid.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvcRDSessMgr

Command: c:\windows\SYSTEM32\ansid.exe
Startup Type: Service
HijackThis Category:
HijackThis Line:

O23 – Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) – – C:\WINDOWS\system32\ansid.exe srv

DDS/Combofix/RSIT Line:

R2 mnmsrvcRDSessMgr;NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr;c:\windows\SYSTEM32\ansid.exe srv

Description: virus also known as W32.Virut.CF [Symantec], Virus.Win32.Virut.ce [Kaspersky Lab], W32/Virut.n.gen [McAfee], W32/Scribble-B [Sophos], Virus:Win32/Virut.BM [Microsoft]

How to remove: use Kaspersky virus removal tool

What is reader_s.exe, How to remove reader_s.exe

admin — Fri, 04 Dec 2009 05:51:06 +0000

reader_s.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: reader_s
Filename: reader_s.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | reader_s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | reader_s

Command:

%WinDir%\System32\reader_s.exe
%UserProfile%\reader_s.exe

Startup Type: O4
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 – HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe

DDS Line:

mRun: [[reader_s] C:\WINDOWS\System32\reader_s.exe
uRun: [[reader_s] C:\Documents and Settings\user\reader_s.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\WINDOWS\System32\reader_s.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\Documents and Settings\user\reader_s.exe

Description: component of Virut virus also known as W32.Virut.CF [Symantec], W32/Scribble-B [Sophos], Virus.Win32.Virut.ce [Kaspersky Lab], Virus:Win32/Virut.BM [Microsoft], W32/Virut.n.gen [McAfee]

How to remove: use Kaspersky virus removal tool + Dr.Web CureIt

sopidkc.exe is a virus

admin — Sun, 28 Jun 2009 03:01:29 +0000

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sopidkc
Filename: sopidkc.exe
Command: C:\WINDOWS\system32\sopidkc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: sopidkc Service (sopidkc) – Elecard Lt – C:\WINDOWS\system32\sopidkc.exe

Combofix/RSIT Line:

R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-18 124928]

Description: Virus, identified as Backdoor:Win32/Refpron.gen!C [Microsoft], Troj/Comsa-C [Sophos], New Win32 [McAfee], Packed.Win32.Koblu.b [Kaspersky Lab]

lkxcqdb.bat is a component of autorun.inf virus

admin — Sun, 15 Feb 2009 06:00:47 +0000

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lkxcqdb
Filename: lkxcqdb.bat
Command: E:\lkxcqdb.bat
CLSID: {df709192-1538-11dd-bc9a-0011675aabad}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df709192-1538-11dd-bc9a-0011675aabad}]
shell\AutoRun\command – E:\lkxcqdb.bat
shell\explore\command – E:\lkxcqdb.bat
shell\open\command – E:\lkxcqdb.bat

Description: component of autorun.inf virus

How to remove: How to remove lkxcqdb.bat – trojan that uses autorun.inf file

gy.cmd is a component of autorun.inf virus

admin — Sun, 15 Feb 2009 05:57:22 +0000

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gy
Filename: gy.cmd
CLSID: {b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}]
shell\AutoRun\command – gy.cmd
shell\explore\command – gy.cmd
shell\open\command – gy.cmd

Description: component of autorun.inf virus

How to remove: How to remove gy.cmd – trojan that uses autorun.inf file

itsduel.exe is a component of autorun.inf virus

admin — Sun, 15 Feb 2009 05:52:52 +0000

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: itsduel
Filename: itsduel.exe
Command: E:\itsduel.exe
CLSID: {98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}]
shell\AutoRun\command – E:\itsduel.exe
shell\explore\command – E:\itsduel.exe
shell\open\command – E:\itsduel.exe

Description: component of autorun.inf virus

How to remove: How to remove itsduel.exe – trojan that uses autorun.inf file