March 12th, 2010 O4, Rogue Antispyware/Antivirus, Run
protectsoft.net is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to protectsoft.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 195.88.190.54
Site address: protectsoft.net
Description: protectsoft.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
March 10th, 2010 O4, Rogue Antispyware/Antivirus, Run
SmartSecurity is a harmful program.
Name: SmartSecurity
Filename: SmartSecurity.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SmartSecurity
Command: C:\Program Files\Smart Security\SmartSecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SmartSecurity] C:\Program Files\Smart Security\SmartSecurity.exe
DDS Line:
uRun: [SmartSecurity] C:\Program Files\Smart Security\SmartSecurity.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartSecurity"=C:\Program Files\Smart Security\SmartSecurity.exe
Description: core component of SmartSecurity. SmartSecurity (Smart Security) is a rogue antispyware program.
How to remove: use these SmartSecurity removal instructions.
March 10th, 2010 O4, Rogue Antispyware/Antivirus, Run
CUA[random].exe is a harmful program.
Name: CleanUp Antivirus
Filename: CUA[random].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | CleanUp Antivirus
Command: C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [CleanUp Antivirus] "C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe" /s /d
DDS Line:
uRun: [CleanUp Antivirus] C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CleanUp Antivirus"=C:\Documents and Settings\All Users\Application Data\9be96\CU515.exe
Description: core component of CleanUp Antivirus. CleanUp Antivirus is a fake antivirus program, also known as rogue antispyware.
How to remove: use these CleanUp Antivirus removal instructions.
March 7th, 2010 Rogue Antispyware/Antivirus
AV-Guru.net is a malicious website
The site was created to spread Antivirus Soft. If your browser is redirected to AV-Guru.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 79.135.152.5
Site address: AV-Guru.net
Description: AV-Guru.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.
How to remove: use these Antivirus Soft removal instructions in order to remove this infection.
March 7th, 2010 O4, Run, Worm
bill103.exe is a harmful program.
Name: bill103
Filename: bill103.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: %Windir%\bill103.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\bill103.exe
DDS Line:
mRun: [sysfbtray] C:\windows\bill103.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\bill103.exe
Description: new variant of the Koobface worm
How to remove: use these Koobface removal instructions.
March 5th, 2010 O21, ShellServiceObjectDelayLoad, Trojan
overlapp32.dll is a harmful program.
Name: overlapp32
Filename: overlapp32.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck
Command: %Windir%\System32\overlapp32.dll
CLSID: {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 - SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll
DDS Line:
SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll
Description: trojan also known as Trojan-PSW.Generic [PCTools], Infostealer [Symantec], Downloader-BZS [McAfee], Trojan.KeyLogger.4260 [DrWEB], Win32:Malware-gen [AVAST]
How to remove: use HijackThis + Kaspersky virus removal tool
March 5th, 2010 Malware, Microsoft active setup
microsft.exe is a harmful program.
Name: microsft
Filename: microsft.exe
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}
Command: %Program Files%\whyu\microsft.exe
CLSID: {C77088EB-52B1-173B-F6D5-36B5619926BD}
Startup Type: Microsoft active setup
DDS Line:
mASetup: {C77088EB-52B1-173B-F6D5-36B5619926BD} - C:\Program Files\whyu\microsft.exe s
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}]
C:\Program Files\whyu\microsft.exe s
Description: malware also known as Mal/VB-Z [Sophos]
How to remove: Registry editor + Kaspersky virus removal tool
March 5th, 2010 O4, Run, Trojan
amht.xfo is a harmful program.
Name: amht
Filename: amht.xfo
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: Explorer.exe rundll32.exe amht.xfo kixxkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe amht.xfo kixxkk
Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware
March 5th, 2010 O4, Run, Trojan
RTHDBPL is a harmful program.
Name: RTHDBPL
Filename: lsass.exe
Registry key:
Command: %userProfile%\Application Data\SystemProc\lsass.exe
CLSID: clsid
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"RTHDBPL"=C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe
Description: trojan also known as Trojan.Gen [Symantec], Mal/VBInject-D [Sophos], WORM_BUZUS.EHM [TrendMicro]
How to remove: use HijackThis + Malwarebytes' Anti-Malware
March 5th, 2010 O4, Run, Trojan
TOY5KNQ8OC is a harmful program.
Name: TOY5KNQ8OC
Filename: [random 3 characters].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TOY5KNQ8OC
Command: %UserProfile%\LOCALS~1\Temp\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe
DDS Line:
uRun: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe
Description: trojan
How to remove: use HijackThis + Malwarebytes' Anti-Malware