What is Avg.exe, How to remove Avg.exe

2 Comments
December 23rd, 2009 O4, Run, Trojan

Avg.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Avg
Filename: Avg.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Avg.exe

Command: C:\windows\Avg.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Avg.exe] C:\windows\Avg.exe

DDS Line:

uRun: [Avg.exe] C:\windows\Avg.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Avg.exe”=C:\windows\Avg.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.etk [Kaspersky Lab], Trojan-Banker.Win32.Banker [Ikarus], TrojanSpy:Win32/Bancos.gen!C [Microsoft], Mal/DelpBanc-A, Mal/Banspy-F, Mal/Banspy-I [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ldfrmmd.exe, How to remove ldfrmmd.exe

Comments
December 23rd, 2009 O4, Run, Trojan

ldfrmmd.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ldfrmmd
Filename: ldfrmmd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cximddl

Command: C:\WINDOWS\system32\ldfrmmd.exe
Startup Type: HKCU->run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

DDS Line:

uRun: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cximddl”=C:\WINDOWS\system32\ldfrmmd.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is jdsuml.exe, How to remove jdsuml.exe

Comments
December 23rd, 2009 O4, Run, Trojan

jdsuml.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jdsuml
Filename: jdsuml.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | qaswww
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman

Command: C:\WINDOWS\system32\jdsuml.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe

DDS Line:

uRun: [qaswww] C:\WINDOWS\system32\jdsuml.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“qaswww”=C:\WINDOWS\system32\jdsuml.exe

Description: trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Troj/Agent-LXF [Sophos], Trojan:Win32/Lethic.B

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is providd.exe, How to remove providd.exe

Comments
December 23rd, 2009 O4, Run, Trojan

providd.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: providd
Filename: providd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sqlpdro

Command: C:\WINDOWS\system32\providd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [sqlpdro] C:\WINDOWS\system32\providd.exe

DDS Line:

uRun: [sqlpdro] C:\WINDOWS\system32\providd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sqlpdro”=C:\WINDOWS\system32\providd.exe

Description: trojan dropper

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is ihaupd32.exe, How to remove ihaupd32.exe

Comments
December 23rd, 2009 O4, Startup folder, Trojan

ihaupd32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ihaupd32
Filename: ihaupd32.exe
Command: %UserProfile%\start menu\programs\startup\ihaupd32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ihaupd32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\ihaupd32.exe

Description: trojan dropper. It installed with updxsp32.exe trojan.

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is updxsp32.exe, How to remove updxsp32.exe

Comments
December 23rd, 2009 O4, Startup folder, Trojan

updxsp32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: updxsp32
Filename: updxsp32.exe
Command: %UserProfile%\start menu\programs\startup\updxsp32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: updxsp32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\updxsp32.exe

Description: Trojan.Dropper

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is Googlev2010.com, How to remove Googlev2010.com

Comments
December 21st, 2009 Trojan

Googlev2010.com is a malicious website

remove The site was created to hijack a web browsers and redirect them to unwanted and irrelevant search results. If your browser is redirected to Googlev2010.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Site addess: Googlev2010.com

How to remove: use Malwarebytes` Anti-malware

What is freddy79.exe, How to remove freddy79.exe

2 Comments
December 21st, 2009 O4, Run, Worm

freddy79.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy79
Filename: freddy79.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy79.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy79.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy79.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy79.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

What is ProtectPcs.exe, How to remove ProtectPcs.exe

Comments
December 20th, 2009 O4, Rogue Antispyware/Antivirus, Run

ProtectPcs.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ProtectPcs
Filename: ProtectPcs.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ProtectPcs.exe

Command: C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ProtectPcs.exe] C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe

DDS Line:

uRun: [ProtectPcs.exe] C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ProtectPcs.exe”=C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe [2009-12-21 1638912]

Description: core component of ProtectPcs. ProtectPcs is a rogue antispyware program.

How to remove: use these ProtectPcs removal instructions.

What is mdefense.exe, How to remove mdefense.exe

Comments
December 20th, 2009 O4, Rogue Antispyware/Antivirus, Run

mdefense.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mdefense
Filename: mdefense.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Defense

Command: C:\Program Files\Malware Defense\mdefense.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Malware Defense] “C:\Program Files\Malware Defense\mdefense.exe” -noscan

DDS Line:

uRun: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Malware Defense”=C:\Program Files\Malware Defense\mdefense.exe [2009-12-20 1756088]

Description: core component of Malware Defense. Malware Defense is a rogue antispyware program.

How to remove: use these Malware Defense removal instructions.

« Previous Entries
Next Entries »