HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy66
Filename: freddy66.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: c:\windows\freddy66.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy66.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=c:\windows\freddy66.exe [2009-09-25 77824]

Description: part of worm Koobface that takes over computers by spreading through the social networks

How to remove: use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: avdrive32
Filename: avdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup

Command: C:\WINDOWS\avdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\avdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
2009-09-03 21:19:12 —-RSH—- C:\WINDOWS\avdrive32.exe

Description: Win32.IRCBot worm also known as Backdoor.Win32.IRCBot.gen, Worm:Win32/Pushbot

How to remove: use Kaspersky virus removal tool.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: waw32
Filename: waw32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup

Command: C:\WINDOWS\waw32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe
O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

Description: trojan-dropper, also known as Worm.Palevo

How to remove: use HijackThis + use Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: jwgkvsq
Filename: jwgkvsq.vmx
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}

Command: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
CLSID: {adaa1c54-332e-11de-bf44-001c25045ca7}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}]
shell\AutoRun\command – C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

Description: component of Conficker worm also known as Kido worm

How to remove: use these Conficker removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: csrcs
Filename: csrcs.exe
Command: C:\WINDOWS\system32\csrcs.exe
Startup Type: Policies->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

Description: worm [W32/Spybot]

How to remove: use HijackThis + use Malwarebytes Antimalware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ld08
Filename: ld08.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: c:\windows\ld08.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysldtray] c:\windows\ld08.exe

Description: worm koobface is a worm that spreads through Myspace and Facebook. Also known as Net-Worm.Win32.Koobface.hn, W32/Koobfa-Gen.

How to remove: use these koobface removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: pp10
Filename: pp10.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: c:\windows\pp10.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [pp] c:\windows\pp10.exe

Description: component of worm koobface (spreads through social networking sites)

How to remove: use these koobface removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ld09
Filename: ld09.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray

Command: c:\windows\ld09.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysldtray] c:\windows\ld09.exe

Description: worm koobface is a worm that spreads through social networking sites (Myspace and Facebook).

How to remove: use these koobface removal instructions

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wm0dap
Filename: wm0dap.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | oledll

Command: C:\WINDOWS\system32\wm0dap.dll
CLSID: {52345B67-1234-1234-D123-7F84D123BC7D}
Startup Type: ShellServiceObjectDelayLoad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
oledll – {52345B67-1234-1234-D123-7F84D123BC7D} – C:\WINDOWS.0\system32\wm0dap.dll [2009-03-21 73728]

Description: Email-Worm.Bagle is a mass-mailing application.

How to remove: manually, using Combofix or Registry editor

This is an harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SbCtri
Filename: SbCtri.exe
Registry key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = “Explorer.exe %System%\drivers\SbCtri.exe”

Command: %WinDir%\System32\drivers\SbCtri.exe
Startup Type: Winlogon->Shell
Description: Win32/IRCBot.GF

How to remove: Use Spyware removal forum.