April 7th, 2010 
Rogue Antispyware/Antivirus
Av-armor.com is a malicious website
 |
The site was created to spread Antivirus Suite. If your browser is redirected to Av-armor.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.92
Site addess: Av-armor.com
Description: Av-armor.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 6th, 2010 O4, Run, Trojan
YVIBBBHA8C is a harmful program.
Name: YVIBBBHA8C
Filename: [random 3 characters].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | YVIBBBHA8C
Command: %Temp%\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Tem\Lpw.exe
DDS Line:
uRun: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“YVIBBBHA8C”=C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe
Description: a trojan that also known as Downloader-CEW [McAfee], Mal/FakeAV-CX, Mal/FakeAV-CO [Sophos]
How to remove: use HijackThis + Malwarebytes` Anti-malware
April 6th, 2010 Rogue Antispyware/Antivirus
Pc-fortress.com is a malicious website
|
The site was created to spread Antivirus Suite. If your browser is redirected to Pc-fortress.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 79.135.152.5
Site addess: Pc-fortress.com
Description: Pc-fortress.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 5th, 2010 Rogue Antispyware/Antivirus
avtivirus-rampart.com is a malicious website
|
The site was created to spread Antivirus Suite. If your browser is redirected to avtivirus-rampart.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.92
Site addess: avtivirus-rampart.com
Description: avtivirus-rampart.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 5th, 2010 Rogue Antispyware/Antivirus
avtivirus-fortress.com is a malicious website
|
The site was created to spread Antivirus Suite. If your browser is redirected to avtivirus-fortress.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.88
Site addess: avtivirus-fortress.com
Description: avtivirus-fortress.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 2nd, 2010 O4, Rogue Antispyware/Antivirus, Run
urpprot.exe is a harmful program.
Name: urpprot
Filename: urpprot.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Your Protection
Command: C:\Program Files\Your Protection\urpprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [Your Protection] “C:\Program Files\Your Protection\urpprot.exe” -noscan
DDS Line:
uRun: [Your Protection] C:\Program Files\Your Protection\urpprot.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Your Protection”=C:\Program Files\Your Protection\urpprot.exe
Description: core component of Your Protection. Your Protection is a rogue antispyware program.
How to remove: use these Your Protection removal instructions.
April 2nd, 2010 O4, Rogue Antispyware/Antivirus, Run
mplay32xe.exe is a harmful program.
Name: mplay32xe
Filename: mplay32xe.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | mplay32xe.exe
Command: %Temp%\mplay32xe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [mplay32xe.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe
DDS Line:
uRun: [mplay32xe.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“mplay32xe.exe”=C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe
Description: trojan FakeAlert that installed with Your Protection. Your Protection is a rogue antispyware program.
How to remove: use these Your Protection removal instructions.
April 2nd, 2010 F2, Trojan, Winlogon\Shell
lgou.rlo is a harmful program.
Name: lgou
Filename: lgou.rlo
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe rundll32.exe lgou.rlo nhemkk
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:
F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe lgou.rlo nhemkk
Description: component of Bredolab trojan, also known as Trojan-Downloader.Win32.Agent.dkld [Kaspersky Lab], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]
How to remove: use HijackThis + Malwarebytes` Anti-malware
April 1st, 2010 Rogue Antispyware/Antivirus
protectedlife.microsoft.com is a malicious website
|
The site was created to spread Antivirus Suite. If your browser is redirected to protectedlife.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
Site addess: protectedlife.microsoft.com
Description: protectedlife.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Suite.
How to remove: use these Antivirus Suite removal instructions in order to remove this infection.
April 1st, 2010 Rogue Antispyware/Antivirus
Avprotectsoft.net is a malicious website
|
The site was created to spread Antivirus Soft. If your browser is redirected to Avprotectsoft.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum. |
IP Address: 193.33.115.88
Site addess: Avprotectsoft.net
Description: Avprotectsoft.net is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
