April 27th, 2010 Rogue Antispyware/Antivirus
Antiviralpha.net is a malicious website
The site was created to spread Antispyware Soft. If your browser is redirected to Antiviralpha.net, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.92
Site address: Antiviralpha.net
Description: Antiviralpha.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 24th, 2010 O4, Startup folder
monxga32.exe is a harmful program.
Name: monxga32
Filename: monxga32.exe
Command: %UserProfile%\start menu\programs\startup\monxga32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 - Startup: monxga32.exe
DDS Line:
StartupFolder: c:\documents and settings\user\start menu\programs\startup\monxga32.exe
Combofix/RSIT Line:
C:\Documents and Settings\user\Start Menu\Programs\Startup
monxga32.exe
Description: a trojan
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
April 23rd, 2010 O4, Run, Trojan
forcedos64.exe is a harmful program.
Name: forcedos64
Filename: forcedos64.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | forcedos64.exe
Command: %Temp%\forcedos64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [forcedos64.exe] C:\DOCUME~1\Gemma\LOCALS~1\Temp\forcedos64.exe
DDS Line:
uRun: [forcedos64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"forcedos64.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe
Description: the FakeAlert trojan, which is installed with Digital Protection. Digital Protection is a rogue antispyware program.
How to remove: use these Digital Protection removal instructions.
April 23rd, 2010 Rogue Antispyware/Antivirus
avexpertsoft.com is a malicious website
The site was created to spread Antispyware Soft. If your browser is redirected to avexpertsoft.com, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.8
Site address: avexpertsoft.com
Description: avexpertsoft.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 23rd, 2010 Rogue Antispyware/Antivirus
DefenderSoftPremium.net is a malicious website
The site was created to spread Antispyware Soft. If your browser is redirected to DefenderSoftPremium.net, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.92
Site address: DefenderSoftPremium.net
Description: DefenderSoftPremium.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 23rd, 2010 O4, Rogue Antispyware/Antivirus, Run
My Security Engine is a harmful program.
Name: MS{random}
Filename: MS{random}.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Engine
Command: C:\Documents and Settings\All Users\Application Data\{random}\MS{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe" /s /d
DDS Line:
uRun: [My Security Engine] C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"My Security Engine"=C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe
Description: core component of My Security Engine. My Security Engine is a rogue antispyware program.
How to remove: use these My Security Engine removal instructions.
April 22nd, 2010 Rogue Antispyware/Antivirus
Antispyware-soft.com is a malicious website
The site was created to spread Antispyware Soft. If your browser is redirected to Antispyware-soft.com, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.5
Site address: Antispyware-soft.com
Description: Antispyware-soft.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 21st, 2010 O4, Run, Trojan
newupdate1142C.exe is a harmful program.
Name: newupdate1142C
Filename: newupdate1142C.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142C.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142c .exe
Command:
C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
O4 - HKCU\..\Run: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe
DDS Line:
uRun: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
uRun: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"newupdate1142C.exe"=C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe [2010-04-19 31232]
"newupdate1142c .exe"=c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe [2010-04-19 31232]
Description: a trojan
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
April 21st, 2010 O4, Run, Trojan
geurge.exe is a harmful program.
Name: geurge
Filename: geurge.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ewrgetuj
Command: %Temp%\geurge.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe
DDS Line:
mRun: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ewrgetuj"=C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe
Description: a trojan
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
April 21st, 2010 F2, Trojan, Winlogon\Shell
hspe.uvo is a harmful program.
Name: hspe
Filename: hspe.uvo
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe, rundll32.exe hspe.uvo bnjpid
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid
Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos]; packed with: PE_Patch.UPX [Kaspersky Lab]
How to remove: use HijackThis + Malwarebytes' Anti-Malware