HT Logs. Tips, FAQs, Analyze.

nnfj.tqo is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: nnfj
Filename: nnfj.tqo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nnfj.tqo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe nnfj.tqo nhemkk

Description: trojan also known as Trojan.Win32.Sasfis.ajil [Kaspersky Lab], SpyAgent-br.dll [McAfee], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft], Win-Trojan/Xema.variant [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

Virdef.net is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to Virdef.net, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.33.115.89
Site addess: Virdef.net
Description: Virdef.net is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

Syspck32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Syspck32
Filename: Syspck32.exe
Command: %UserProfile%\start menu\programs\startup\Syspck32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: syspck32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\syspck32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
syspck32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

info-defender.com is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to info-defender.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site addess: info-defender.com
Description: info-defender.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

virus-cleaner.net is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to virus-cleaner.net, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site addess: virus-cleaner.net
Description: virus-cleaner.net is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

diskperfxp.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: diskperfxp
Filename: diskperfxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | diskperfxp.exe

Command: %UserProfile%\LOCALS~1\Temp\diskperfxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

DDS Line:

uRun: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“diskperfxp.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Description: trojan fakeAlert that displays a lot fake security alerts and downloads and installs User Protection onto your computer. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

zipdkg32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: zipdkg32
Filename: zipdkg32.exe
Command: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: zipdkg32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
zipdkg32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

WEK9EMDHI9 is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WEK9EMDHI9
Filename: [ranndom].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WEK9EMDHI9

Command: C:\WINDOWS\Bhihuc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

DDS Line:

uRun: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“WEK9EMDHI9″=C:\WINDOWS\Bhihuc.exe [2010-03-15 40448]

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes` Anti-malware

usrprot.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: usrprot
Filename: usrprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | User Protection

Command: C:\Program Files\User Protection\usrprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [User Protection] “C:\Program Files\User Protection\usrprot.exe” -noscan

DDS Line:

uRun: [User Protection] C:\Program Files\User Protection\usrprot.exe

Combofix/RSIT Line:

<[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "User Protection"=C:\Program Files\User Protection\usrprot.exe

Description: core component of User Protection. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

msnfo32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msnfo32
Filename: msnfo32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | msnfo32

Command: %WinDir%\system32\msnfo32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

DDS Line:

mRun: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“msnfo32″=C:\WINDOWS\system32\msnfo32.exe

Description: trojan also known as trojan agent

How to remove: use HijackThis + Malwarebytes` Anti-malware