December 29th, 2009 O4, Rogue Antispyware/Antivirus, Run
GreatDefender.exe is a harmful program.
Name: GreatDefender
Filename: GreatDefender.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GreatDefender.exe
Command: C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [GreatDefender.exe] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe
DDS Line:
uRun: [GreatDefender.exe] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GreatDefender.exe"=C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe
Description: core component of GreatDefender. GreatDefender is a rogue antispyware program.
How to remove: use these GreatDefender removal instructions.
December 29th, 2009 O4, Rogue Antispyware/Antivirus, Run
sysclpro.exe is a harmful program.
Name: sysclpro
Filename: sysclpro.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SystemCleanerPRO
Command: C:\Program Files\SystemCleanerPRO\sysclpro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SystemCleanerPRO] "C:\Program Files\SystemCleanerPRO\sysclpro.exe" /autorun
DDS Line:
uRun: [SystemCleanerPRO] C:\Program Files\SystemCleanerPRO\sysclpro.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemCleanerPRO"=C:\Program Files\SystemCleanerPRO\sysclpro.exe [2009-04-01 931840]
Description: core component of SystemCleanerPRO. SystemCleanerPRO is a rogue antispyware program.
How to remove: use these SystemCleanerPRO removal instructions.
December 29th, 2009 O4, Rogue Antispyware/Antivirus, Run
restore.exe is a harmful program.
Name: restore
Filename: restore.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Restore
Command: C:\Documents and Settings\All Users\Application Data\F\restore.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe
DDS Line:
uRun: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Restore"=C:\Documents and Settings\All Users\Application Data\F\restore.exe [2009-12-29 22528]
Description: core components of Antispyware Shield Pro. Antispyware Shield Pro is a rogue antispyware program.
How to remove: use these Antispyware Shield Pro removal instructions.
December 27th, 2009 Microsoft active setup, Trojan
wivrs.exe is a harmful program.
Name: wivrs
Filename: wivrs.exe
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Command: c:\windows\system32\wivrs.exe
CLSID: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Startup Type: Microsoft active setup
DDS Line:
mASetup: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5} - c:\windows\system32\wivrs.exe
Combofix:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}]
c:\windows\system32\wivrs.exe
Description: trojan
How to remove: use the Windows Registry Editor (regedit) + Malwarebytes' Anti-Malware
December 27th, 2009 O4, Rogue Antispyware/Antivirus, Run
Total PC Defender.exe is a harmful program.
Name: Total PC Defender
Filename: Total PC Defender.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Total PC Defender
Command: C:\Program Files\Total PC Defender\Total PC Defender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe
DDS Line:
mRun: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Total PC Defender"=C:\Program Files\Total PC Defender\Total PC Defender.exe [2009-12-27 1247744]
Description: core component of Total PC Defender. Total PC Defender is a rogue antispyware program.
How to remove: use these Total PC Defender removal instructions.
December 26th, 2009 O4, Run, Worm
pp14.exe is a harmful program.
Name: pp14
Filename: pp14.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp
Command: C:\Windows\pp14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [pp] C:\Windows\pp14.exe
DDS Line:
mRun: [pp] C:\Windows\pp14.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pp"=C:\Windows\pp14.exe
Description: component of Koobface worm
How to remove: use these Koobface removal instructions.
December 26th, 2009 O17, Trojan
193.104.110.38 is a malicious DNS server
If your browser is hijacked or Google, Yahoo or MSN search results are redirected to unrelated sites, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
IP Address: 193.104.110.38
HijackThis Category: O17
HijackThis Line:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
Malwarebytes' Anti-Malware shows infection:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38
Description: 193.104.110.38 is used as a DNS server to redirect the browser to unrelated sites
How to remove: use HijackThis + Malwarebytes' Anti-Malware
December 24th, 2009 O4, Rogue Antispyware/Antivirus, Run
APCProtect.exe is a harmful program.
Name: APCProtect
Filename: APCProtect.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | APCProtect.exe
Command: C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
DDS Line:
uRun: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"APCProtect.exe"=C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe [2009-12-25 1798144]
Description: core component of APCProtect. APCProtect is a rogue antispyware program.
How to remove: use these APCProtect removal instructions.
December 24th, 2009 Driver, Rootkit, Trojan
H8SRT.sys is a harmful driver.
Driver name: H8SRT.sys
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys
Command: C:\WINDOWS\system32\drivers\H8SRT[random].sys
Startup Type: Driver
Description: trojan-rootkit also known as Rootkit.TDSS.
How to remove: use these H8SRT trojan removal instructions.
December 23rd, 2009 O4, Rogue Antispyware/Antivirus, Run
Security Central.exe is a harmful program.
Name: Security Central
Filename: Security Central.exe
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Security Central
Command: C:\Program Files\Security Central\Security Central.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Security Central] C:\Program Files\Security Central\Security Central.exe
DDS Line:
mRun: [Security Central] C:\Program Files\Security Central\Security Central.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Central"=C:\Program Files\Security Central\Security Central.exe
Description: core component of Security Central. Security Central is a rogue antispyware program.
How to remove: use these Security Central removal instructions.