av.exe – core part of Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010

January 29th, 2010 File associations, Rogue Antispyware/Antivirus

av.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

Command: %UserProfile%\Local Settings\Application Data\av.exe
Startup Type: File associations
Description: core component of Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010

How to remove: use these Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010 removal instructions.

What is freddy82.exe, How to remove freddy82.exe

January 28th, 2010 O4, Run, Worm

freddy82.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy82
Filename: freddy82.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy82.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy82.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy82.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy82.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

What is incognito.exe, How to remove incognito.exe

January 28th, 2010 Microsoft active setup, Trojan

incognito.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: incognito
Filename: incognito.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}

Command: c:\windows\system32\incognito.exe
CLSID: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB} - c:\windows\system32\incognito.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}]
c:\windows\system32\incognito.exe

Description: trojan also known as Trojan.Win32.Buzus.dahy [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use Kaspersky virus removal tool or Windows Registry editor

What is av.exe, How to remove av.exe

January 28th, 2010 File associations, Rogue Antispyware/Antivirus

av.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile

Command: %Appdata%\av.exe
Startup Type: File associations
Description: core component of XP Internet Security 2010. XP Internet Security 2010 also known as XP Guardian, Antivirus XP 2010 is a rogue antispyware program.

How to remove: use these XP Internet Security 2010, XP Guardian, Antivirus XP 2010 removal instructions.

What is PcSecureNet.exe, How to remove PcSecureNet.exe

January 28th, 2010 O4, Rogue Antispyware/Antivirus, Run

PcSecureNet.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PcSecureNet
Filename: PcSecureNet.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PcSecureNet

Command: C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe -min

DDS Line:

uRun: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSecureNet"=C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Description: core component of PcSecureNet. PcSecureNet is a rogue antispyware program.

How to remove: use these PcSecureNet removal instructions.

What is IAPro.exe, How to remove IAPro.exe

January 27th, 2010 O4, Rogue Antispyware/Antivirus, Run

IAPro.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IAPro
Filename: IAPro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Live Enterprise Suite

Command: C:\program files\Internet Antivirus Pro\IAPro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Live Enterprise Suite] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s

DDS Line:

uRun: [Live Enterprise Suite] "c:\program files\internet antivirus pro\IAPro.exe" /s

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Live Enterprise Suite"=C:\program files\Internet Antivirus Pro\IAPro.exe [2010-01-27 1623552]

Description: core component of Live Enterprise Suite. Live Enterprise Suite is a rogue antispyware program.

How to remove: use these Live Enterprise Suite removal instructions.

What is PcsSecure.exe, How to remove PcsSecure.exe

January 25th, 2010 O4, Rogue Antispyware/Antivirus, Run

PcsSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PcsSecure
Filename: PcsSecure.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PcsSecure

Command: C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [PcsSecure] C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe -min

DDS Line:

mRun: [PcsSecure] C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PcsSecure"=C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe

Description: core component of PcsSecure. PcsSecure is a rogue antispyware program.

How to remove: use these PcsSecure removal instructions.

What is livemessenger.exe, How to remove livemessenger.exe

January 23rd, 2010 O4, Run, RunOnce, RunOnceEx, Worm

livemessenger.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: livemessenger
Filename: livemessenger.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx | Microsoft Update

Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Update] livemessenger.exe

DDS Line:

mRun: [Microsoft Update] livemessenger.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"=livemessenger.exe

Description: Backdoor.Win32.Rbot.bll [Kaspersky Lab], W32.IRCBot [Symantec], W32/Sdbot.worm.gen.t [McAfee]

How to remove: use HijackThis + Kaspersky virus removal tool

What is msdrv32.exe, How to remove msdrv32.exe

January 23rd, 2010 O4, Policies\Explorer\Run, Run, Worm

msdrv32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdrv32
Filename: msdrv32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: %WinDir%\msdrv32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe
O4 - HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=C:\Windows\msdrv32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Driver Setup"=C:\Windows\msdrv32.exe

Description: worm also known as Worm:Win32/Pushbot.gen [Microsoft], Backdoor.Win32.IRCBot.gen [Kaspersky Lab], Exploit-DcomRpc.gen [McAfee], Mal/Behav-134, Mal/IRCBot-B [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is APcSafe.exe, How to remove APcSafe.exe

January 23rd, 2010 O4, Rogue Antispyware/Antivirus, Run

APcSafe.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APcSafe
Filename: APcSafe.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | APcSafe

Command: C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [APcSafe] C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe -min

DDS Line:

mRun: [APcSafe] C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APcSafe"=C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe

Description: core component of APcSafe. APcSafe is a rogue antispyware program.

How to remove: use these APcSafe removal instructions.