April 13th, 2010 F2, Trojan, Winlogon\Shell
rihd.pno is a harmful program.
Name: rihd
Filename: rihd.pno
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe, rundll32.exe rihd.pno eaoydsi
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe rihd.pno eaoydsi
Description: component of Bredolab trojan
How to remove: use HijackThis + Malwarebytes' Anti-Malware
April 13th, 2010 Driver, Trojan
PRAGMAd.sys is a harmful program.
Name: PRAGMAd
Filename: PRAGMAd.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMA{random}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys
Command:
C:\WINDOWS\system32\drivers\PRAGMA{random}.sys
C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys
Startup Type: hidden driver
RootRepeal shows infection:
Hidden Services
——————-
Service Name: PRAGMAd.sys
Image Path C:\WINDOWS\system32\drivers\PRAGMAewxhsvitbd.sys
Service Name: PRAGMArchxnseqxn
Image Path C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys
GMER shows infection:
Service system32\drivers\PRAGMAewxhsvitbd.sys (*** hidden *** ) [SYSTEM] PRAGMAd.sys <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMArchxnseqxn <-- ROOTKIT !!!
Description: new variant of TDSS trojan
How to remove: use these TDSS trojan removal instructions.
April 12th, 2010 Rogue Antispyware/Antivirus
avprocess.com is a malicious website
The site was created to spread Antivirus Suite. If your browser is redirected to avprocess.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.92
Site address: avprocess.com
Description: avprocess.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 12th, 2010 Rogue Antispyware/Antivirus
Avfortress.com is a malicious website
The site was created to spread Antivirus Suite. If your browser is redirected to Avfortress.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.5
Site address: Avfortress.com
Description: Avfortress.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 11th, 2010 Rogue Antispyware/Antivirus
Firm-av.com is a malicious website
The site was created to spread Antivirus Suite. If your browser is redirected to Firm-av.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.88
Site address: Firm-av.com
Description: Firm-av.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 11th, 2010 Rogue Antispyware/Antivirus
Av-product.com is a malicious website
The site was created to spread Antivirus Suite. If your browser is redirected to Av-product.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.92
Site address: Av-product.com
Description: Av-product.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 11th, 2010 O4, Rogue Antispyware/Antivirus, Run
digprot.exe is a harmful program.
Name: digprot
Filename: digprot.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Digital Protection
Command: C:\Program Files\Digital Protection\digprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
DDS Line:
uRun: [Digital Protection] C:\Program Files\Digital Protection\digprot.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Digital Protection"=C:\Program Files\Digital Protection\digprot.exe
Description: core component of Digital Protection. Digital Protection is a rogue antispyware program.
How to remove: use these Digital Protection removal instructions.
April 11th, 2010 O4, Run, Trojan
davclnt.exe is a harmful program.
Name: davclnt
Filename: davclnt.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | davclnt.exe
Command: %Temp%\davclnt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe
DDS Line:
uRun: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"davclnt.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe
Description: Trojan FakeAlert that is installed with Digital Protection. Digital Protection is a rogue antispyware program.
How to remove: use these Digital Protection removal instructions.
April 10th, 2010 O4, Rogue Antispyware/Antivirus, Run
Antivirus Suite is a harmful program.
Name: Antivirus Suite
Filename: {random}tssd.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {random}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {random}
Command: %AppData%\{random}\{random}tssd.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [{random}] C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
O4 - HKCU\..\Run: [{random}] C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
DDS Line:
mRun: [valuename] file
uRun: [valuename] file
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"{random}"=C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{random}"=C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
Description: {random}tssd.exe is a core component of Antivirus Suite. Antivirus Suite is a rogue antispyware program.
How to remove: use these Antivirus Suite removal instructions.
April 7th, 2010 Rogue Antispyware/Antivirus
antivirus-armature.com is a malicious website
The site was created to spread Antivirus Suite. If your browser is redirected to antivirus-armature.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.33.115.92
Site address: antivirus-armature.com
Description: antivirus-armature.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.