March 17th, 2010 O4, Run, Worm
bill104.exe is a harmful program.
Name: bill104
Filename: bill104.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: %Windir%\bill104.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\bill104.exe
DDS Line:
mRun: [sysfbtray] C:\windows\bill104.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\bill104.exe
Description: new variant of the Koobface worm.
How to remove: use these Koobface removal instructions.
March 17th, 2010 O4, Run, Trojan
eventtriggersxp.exe is a harmful program.
Name: eventtriggersxp
Filename: eventtriggersxp.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | eventtriggersxp.exe
Command: %Temp%\eventtriggersxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe
DDS Line:
uRun: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eventtriggersxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe
Description: a FakeAlert trojan that, once started, displays many fake security alerts and suggests downloading and installing Dr. Guard. Dr. Guard is a rogue antispyware program.
How to remove: use these Dr. Guard removal instructions to remove Dr. Guard and the eventtriggersxp.exe FakeAlert trojan.
March 16th, 2010 File associations, Rogue Antispyware/Antivirus
ave.exe is a harmful program.
Name: ave
Filename: ave.exe
Registry key:
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile
Command: %Appdata%\ave.exe
Startup Type: File associations
Description: core component of Total Vista Security (Vista Security Tool 2010). Total Vista Security (Vista Security Tool 2010) is a rogue antispyware program.
How to remove: use these ave.exe removal instructions.
March 15th, 2010 Rogue Antispyware/Antivirus
infoprotector.net is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to infoprotector.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 195.88.190.54
Site address: infoprotector.net
Description: infoprotector.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
March 15th, 2010 Rogue Antispyware/Antivirus
Info-protector.com is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to Info-protector.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.5
Site address: Info-protector.com
Description: Info-protector.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
March 13th, 2010 AppCertDlls, Trojan
mlthnj.dll is a harmful program.
Name: mlthnj
Filename: mlthnj.dll
Registry key:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls
Command: c:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Server\mlthnj.dll
Startup Type: AppSecDll
Combofix:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Server\mlthnj.dll
Notes: trojan also known as Trojan.Agent/Gen-FakeAV, which is installed with a rogue antispyware program.
How to remove: use Registry Editor + Malwarebytes' Anti-Malware
March 12th, 2010 BHO, O2, Rogue Antispyware/Antivirus
UpdateExplorer.dll is a harmful program.
Name: UpdateExplorer
Filename: UpdateExplorer.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Command: C:\Windows\System32\UpdateExplorer.dll
CLSID: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: &UpdateCheck.dll - {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} - C:\Windows\System32\UpdateExplorer.dll
DDS Line:
BHO: &UpdateCheck.dll: {E2BFE352-A303-4EA8-88FE-CE35361D7E8B} - C:\Windows\System32\UpdateExplorer.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BFE352-A303-4EA8-88FE-CE35361D7E8B}]
UpdateCheck.dll – C:\Windows\System32\UpdateExplorer.dll
Description: malicious add-on to Internet Explorer that is installed by Antivirus 7. Antivirus 7 is a rogue antispyware program.
How to remove: use these Antivirus 7 removal instructions.
March 12th, 2010 O4, Rogue Antispyware/Antivirus, Run
antivirus7.exe is a harmful program.
Name: antivirus7
Filename: antivirus7.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV7
Command: C:\Program Files\AV7\antivirus7.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AV7] C:\Program Files\AV7\antivirus7.exe
DDS Line:
uRun: [AV7] C:\Program Files\AV7\antivirus7.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV7"=C:\Program Files\AV7\antivirus7.exe
Description: core component of Antivirus 7. Antivirus 7 is a rogue antispyware program.
How to remove: use these Antivirus 7 removal instructions.
March 12th, 2010 Rogue Antispyware/Antivirus
av-2010.com is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to av-2010.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.5
Site address: av-2010.com
Description: av-2010.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.