April 20th, 2010 
Rogue Antispyware/Antivirus
defender-soft.com is a malicious website
 |
The site was created to spread Antispyware Soft. If your browser is redirected to defender-soft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 79.135.152.5
Site addess: defender-soft.com
Description: defender-soft.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 20th, 2010 Rogue Antispyware/Antivirus
software-defender.com is a malicious website
|
The site was created to spread Antispyware Soft. If your browser is redirected to software-defender.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.92
Site addess: software-defender.com
Description: software-defender.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 19th, 2010 AppInit DLLs, O20, Trojan
app_dll.dll is a harmful program.
Name: app_dll
Filename: C:\Windows\System32\app_dll.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
Command: command
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 – AppInit_DLLs: app_dll.dll
DDS Line:
AppInit_DLLs: app_dll.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=”C:\WINDOWS\system32\app_dll.dll”
Description: a trojan that also known as Trojan.Win32.Vilsel.rqn [Kaspersky Lab], Mal/Generic-A [Sophos]
How to remove: use HijackThis + Malwarebytes` Anti-malware
April 19th, 2010 F2, Trojan, Winlogon\Shell
awxm.vho is a harmful program.
Name: awxm
Filename: awxm.vho
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe rundll32.exe awxm.vho rlvgf
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:
F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf
Description: component of a trojan that also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]
How to remove: use HijackThis + Malwarebytes` Anti-malware
April 17th, 2010 Rogue Antispyware/Antivirus
Av-firm.com is a malicious website
|
The site was created to spread Antispyware Soft. If your browser is redirected to Av-firm.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.88
Site addess: Av-firm.com
Description: Av-firm.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 17th, 2010 Rogue Antispyware/Antivirus
alphaantivir.com is a malicious website
|
The site was created to spread Antispyware Soft. If your browser is redirected to alphaantivir.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 79.135.152.5
Site addess: alphaantivir.com
Description: alphaantivir.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 17th, 2010 Rogue Antispyware/Antivirus
Fortress-software.net is a malicious website
|
The site was created to spread Antispyware Soft. If your browser is redirected to Fortress-software.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 79.135.152.5
Site addess: Fortress-software.net
Description: Fortress-software.net is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.
How to remove: use these Antispyware Soft removal instructions in order to remove this infection.
April 16th, 2010 F2, Trojan, Winlogon\Shell
ngts.vao is a harmful program.
Name: ngts
Filename: ngts.vao
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe rundll32.exe ngts.vao uvibls
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:
F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe ngts.vao uvibls
Description: component of a trojan that also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]
How to remove: use HijackThis + Malwarebytes` Anti-malware
April 16th, 2010 O4, Run, Worm
bill107.exe is a harmful program.
Name: bill107
Filename: bill107.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\bill107.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill107.exe
DDS Line:
mRun: [sysfbtray] C:\windows\bill107.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill107.exe
Description: new variant of koobface worm
How to remove: use these koobface removal instructions.
April 13th, 2010 SecurityProviders, Trojan
mcenspc.dll is a harmful program.
Name: mcenspc
Filename: mcenspc.dll
Registry key:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders | SecurityProviders
Command: C:\Windows\System32\mcenspc.dll
Startup Type: SecurityProviders
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
Description: a trojan that also known as Trojan Horse [Symantec], Trojan.Win32.Agent2.htd [Kaspersky Lab], Generic Downloader.x!a [McAfee], Troj/Agent-JNX [Sophos], TrojanDownloader:Win32/Agent.KF [Microsoft], Trojan.Win32.Agent2 [Ikarus], Win-Trojan/Agent2.58880.B [AhnLab]
How to remove: use Malwarebytes` Anti-malware + Kaspersky virus removal tool
