February 15th, 2010 O4, Rogue Antispyware/Antivirus, Run
SE2010.exe is a harmful program.
Name: SE2010
Filename: SE2010.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security essentials 2010
Command: C:\Program Files\Securityessentials2010\SE2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
DDS Line:
uRun: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security essentials 2010"=C:\Program Files\Securityessentials2010\SE2010.exe
Description: core component of Security Essentials 2010. Security Essentials 2010 is a rogue antispyware program.
How to remove: use these Security Essentials 2010 removal instructions.
February 13th, 2010 F2, Rogue Antispyware/Antivirus, Winlogon\Shell
ccmain.exe is a harmful program.
Name: ccmain
Filename: ccmain.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell
Command: %UserProfile%\Application Data\Control-Center\ccagent.exe
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: %UserProfile%\Application Data\Control-Center\ccagent.exe
Description: core component of Control Center. Control Center is a fake Windows optimization program.
How to remove: use these Control Center removal instructions.
February 12th, 2010 O4, Rogue Antispyware/Antivirus, Run
MS176.exe is a harmful program.
Name: MS176
Filename: MS176.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Wall
Command: C:\Documents and Settings\All Users\Application Data\15a2f\MS176.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [My Security Wall] "C:\Documents and Settings\All Users\Application Data\15a2f\MS176.exe" /s /d
DDS Line:
uRun: [My Security Wall] C:\Documents and Settings\All Users\Application Data\15a2f\MS176.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"My Security Wall"=C:\Documents and Settings\All Users\Application Data\15a2f\MS176.exe
Description: core component of My Security Wall. My Security Wall is a rogue antispyware program.
How to remove: use these My Security Wall removal instructions.
February 12th, 2010 O4, Run, Trojan
taskmandb.exe is a harmful program.
Name: taskmandb
Filename: taskmandb.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | taskmandb.exe
Command: %UserProfile%\LOCALS~1\Temp\taskmandb.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [taskmandb.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe
DDS Line:
uRun: [taskmandb.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"taskmandb.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe
Description: trojan FakeAlert
How to remove: use HijackThis + Malwarebytes' Anti-Malware.
February 12th, 2010 O4, Run, Worm
freddy101.exe is a harmful program.
Name: freddy101
Filename: freddy101.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy101.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy101.exe
DDS Line:
mRun: [sysfbtray] C:\windows\freddy101.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy101.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
February 11th, 2010 O2, Rogue Antispyware/Antivirus, Run
AvBho.dll is a harmful program.
Name: AvBho
Filename: AvBho.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}
Command: C:\Program Files\Antivirus\AvBho.dll
CLSID: {9d541c6a-573b-4888-b35e-6816e68c3620}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: BhoApp - {9d541c6a-573b-4888-b35e-6816e68c3620} - C:\Program Files\Antivirus\AvBho.dll
DDS Line:
BHO: BhoApp: {9d541c6a-573b-4888-b35e-6816e68c3620} - C:\Program Files\Antivirus\AvBho.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d541c6a-573b-4888-b35e-6816e68c3620}]
BhoApp - C:\Program Files\Antivirus\AvBho.dll
Description: malicious BHO module, component of Antivirus. Antivirus is a rogue antispyware program.
How to remove: use these Antivirus removal instructions.
February 10th, 2010 O4, Run, Worm
freddy100.exe is a harmful program.
Name: freddy100
Filename: freddy100.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy100.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy100.exe
DDS Line:
mRun: [sysfbtray] C:\windows\freddy100.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy100.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
February 10th, 2010 O4, Rogue Antispyware/Antivirus, Run
SA[random].exe is a harmful program.
Name: SA[random]
Filename: SA[random].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Antivirus
Command: C:\Documents and Settings\All Users\Application Data\[random]\SA[random].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Security Antivirus] "C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe" /s /d
DDS Line:
uRun: [Security Antivirus] C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Antivirus"=C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe
Description: core component of Security Antivirus. Security Antivirus is a rogue antispyware program.
How to remove: use the Security Antivirus removal instructions.
February 9th, 2010 O4, Rogue Antispyware/Antivirus, Run
ddexpshare.exe is a harmful program.
Name: ddexpshare
Filename: ddexpshare.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ddexpshare.exe
Command: %UserProfile%\LOCALS~1\Temp\ddexpshare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe
DDS Line:
uRun: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ddexpshare.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe [2010-02-09 786432]
Description: trojan FakeAlert that is used to promote Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.
How to remove: use these Paladin Antivirus removal instructions.
February 9th, 2010 O4, Rogue Antispyware/Antivirus, Run
SecurePcAv.exe is a harmful program.
Name: SecurePcAv
Filename: SecurePcAv.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurePcAv
Command: C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe -min
DDS Line:
uRun: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurePcAv"=C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Description: core component of SecurePcAv. SecurePcAv is a rogue antispyware program.
How to remove: use these SecurePcAv removal instructions.