Worm | HT Logs. Tips, FAQs, Analyze.

Archive for the 'Worm' Category

What is bill104.exe, How to remove bill104.exe

Wednesday, March 17th, 2010

bill104.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill104
Filename: bill104.exe
Registry key:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: %Windir%\bill104.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill104.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill104.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill104.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is bill103.exe, How to remove bill103.exe

Sunday, March 7th, 2010

bill103.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill103
Filename: bill103.exe
Registry key:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: %Windir%\bill103.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill103.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill103.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill103.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is jjdrive32.exe, How to remove jjdrive32.exe

Tuesday, February 23rd, 2010

jjdrive32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jjdrive32
Filename: jjdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Update Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Update Setup

Command: %Windir%\jjdrive32.exe
Startup Type: HKLM->Run, HKLM->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

DDS Line:

mRun: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Update Setup”=C:\Windows\jjdrive32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Update Setup”=C:\Windows\jjdrive32.exe

Description: worm also known as Net-Worm.Spybot [PCTools], W32.Spybot.Worm [Symantec], Net-Worm.Win32.Kolab.fem [Kaspersky Lab], W32/Kolab [McAfee], Mal/Generic-A [Sophos], Worm:Win32/Pushbot.OF [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Policies\Explorer\Run, Run, Worm | No Comments »

What is freddy101.exe, How to remove freddy101.exe

Friday, February 12th, 2010

freddy101.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy101
Filename: freddy101.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy101.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy101.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy101.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy101.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is freddy100.exe, How to remove freddy100.exe

Wednesday, February 10th, 2010

freddy100.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy100
Filename: freddy100.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy100.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy100.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy100.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy100.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is freddy84.exe, How to remove freddy84.exe

Sunday, February 7th, 2010

freddy84.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy84
Filename: freddy84.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy84.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy84.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy84.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy84.exe

Description: part of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is freddy82.exe, How to remove freddy82.exe

Thursday, January 28th, 2010

freddy82.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy82
Filename: freddy82.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy82.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy82.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy82.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy82.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

What is livemessenger.exe, How to remove livemessenger.exe

Saturday, January 23rd, 2010

livemessenger.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: livemessenger
Filename: livemessenger.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx | Microsoft Update

Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Update] livemessenger.exe

DDS Line:

mRun: [Microsoft Update] livemessenger.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Update”=livemessenger.exe

Description: Backdoor.Win32.Rbot.bll [Kaspersky Lab], W32.IRCBot [Symantec], W32/Sdbot.worm.gen.t [McAfee]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Run, RunOnce, RunOnceEx, Worm | No Comments »

What is msdrv32.exe, How to remove msdrv32.exe

Saturday, January 23rd, 2010

msdrv32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdrv32
Filename: msdrv32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: %WinDir%\msdrv32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe

Description: worm also known as Worm:Win32/Pushbot.gen [Microsoft], Backdoor.Win32.IRCBot.gen [Kaspersky Lab], Exploit-DcomRpc.gen [McAfee], Mal/Behav-134, Mal/IRCBot-B [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Policies\Explorer\Run, Run, Worm | No Comments »

What is freddy81.exe, How to remove freddy81.exe

Sunday, January 17th, 2010

freddy81.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy81
Filename: freddy81.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy81.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy81.exe

DDS Line:

Run: [sysfbtray] C:\windows\freddy81.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy81.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

Posted in O4, Run, Worm | No Comments »

HT Logs. Tips, FAQs, Analyze.

Categories

Archives

Archive for the 'Worm' Category

What is bill104.exe, How to remove bill104.exe

bill104.exe is a harmful program.

What is bill103.exe, How to remove bill103.exe

bill103.exe is a harmful program.

What is jjdrive32.exe, How to remove jjdrive32.exe

jjdrive32.exe is a harmful program.

What is freddy101.exe, How to remove freddy101.exe

freddy101.exe is a harmful program.

What is freddy100.exe, How to remove freddy100.exe

freddy100.exe is a harmful program.

What is freddy84.exe, How to remove freddy84.exe

freddy84.exe is a harmful program.

What is freddy82.exe, How to remove freddy82.exe

freddy82.exe is a harmful program.

What is livemessenger.exe, How to remove livemessenger.exe

livemessenger.exe is a harmful program.

What is msdrv32.exe, How to remove msdrv32.exe

msdrv32.exe is a harmful program.

What is freddy81.exe, How to remove freddy81.exe

freddy81.exe is a harmful program.