December 19th, 2009 O4, Run, Trojan
clspackxq.exe is a harmful program.
Name: clspackxq
Filename: clspackxq.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | clspackxq.exe
Command: %Temp%\clspackxq.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe
DDS Line:
uRun: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"clspackxq.exe"=c:\docume~1\user\locals~1\temp\clspackxq.exe
Description: trojan FakeAlert
How to remove: use HijackThis + Malwarebytes' Anti-Malware
December 17th, 2009 O4, Rogue Antispyware/Antivirus, Run
SysDefence.exe is a harmful program.
Name: SysDefence
Filename: SysDefence.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SysDefence.exe
Command: C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
DDS Line:
uRun: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SysDefence.exe"=C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe [2009-12-17 1638912]
Description: core component of SysDefence. SysDefence presents itself as anti-spyware software, but in reality it is a malicious program that must be removed as soon as it is found on the computer.
How to remove: use these SysDefence removal instructions.
December 16th, 2009 O4, Rogue Antispyware/Antivirus, Run
TheDefend.exe is a harmful program.
Name: TheDefend
Filename: TheDefend.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TheDefend.exe
Command: C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
DDS Line:
uRun: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TheDefend.exe"=C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe [2009-12-17 1638912]
Description: core component of TheDefend. TheDefend presents itself as a malware removal program, but in reality it is a malicious program that must be removed as soon as it is found on the computer.
How to remove: use these TheDefend removal instructions.
December 16th, 2009 Rogue Antispyware/Antivirus
winsecurepro2010.microsoft.com is a malicious website.
The site was created to spread Antivirus Live. If your browser is redirected to winsecurepro2010.microsoft.com, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, ask us for help in the Spyware removal forum.
Site address: winsecurepro2010.microsoft.com
Description: winsecurepro2010.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Live.
How to remove: use these Antivirus Live removal instructions to remove this infection.
December 15th, 2009 O4, Rogue Antispyware/Antivirus, Run
GuardPcs.exe is a harmful program.
Name: GuardPcs
Filename: GuardPcs.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardPcs.exe
Command: C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [GuardPcs.exe] C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe
DDS Line:
uRun: [GuardPcs.exe] C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardPcs.exe"=C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe [2009-12-15 1638912]
Description: core component of GuardPcs. GuardPcs is a rogue antispyware program.
How to remove: use these GuardPcs removal instructions.
December 14th, 2009 O4, Run, Worm
Freddy77.exe is a harmful program.
Name: Freddy77
Filename: Freddy77.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy77.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy77.exe
DDS Line:
mRun: [sysfbtray] C:\windows\freddy77.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy77.exe
Description: part of Koobface worm
How to remove: use these Koobface removal instructions.
December 13th, 2009 O23, Service, Trojan
winsts.sys is a harmful program.
Name: winsts
Filename: winsts.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsts
Command: c:\windows\system32\winsts.sys
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: winsts (winsts) - - C:\WINDOWS\system32\winsts.sys
DDS/Combofix/RSIT Line:
S3 winsts;winsts;c:\windows\system32\winsts.sys
Description: trojan
How to remove: use HijackThis + Kaspersky virus removal tool or ask for help in the Spyware removal forum.
December 13th, 2009 O23, Service, Virus
This is a harmful program.
Name: ansid
Filename: ansid.exe
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvcRDSessMgr
Command: c:\windows\SYSTEM32\ansid.exe
Startup Type: Service
HijackThis Category:
HijackThis Line:
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) - - C:\WINDOWS\system32\ansid.exe srv
DDS/Combofix/RSIT Line:
R2 mnmsrvcRDSessMgr;NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr;c:\windows\SYSTEM32\ansid.exe srv
Description: virus also known as W32.Virut.CF [Symantec], Virus.Win32.Virut.ce [Kaspersky Lab], W32/Virut.n.gen [McAfee], W32/Scribble-B [Sophos], Virus:Win32/Virut.BM [Microsoft]
How to remove: use Kaspersky virus removal tool
December 13th, 2009 O4, Run, Trojan
services.exe is a harmful program.
Name: services
Filename: services.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | exec
Command: %FontsDir%\services.exe
Startup Type:
HijackThis Category:
HijackThis Line:
HKLM\..\Run: [exec] %FontsDir%\services.exe
DDS Line:
mRun: [exec] %FontsDir%\services.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"exec"=%FontsDir%\services.exe
Description: trojan, also known as Trojan Horse [Symantec], Trojan-Spy.Win32.VB.bzc [Kaspersky Lab], Adclicker-GV [McAfee], Troj/VB-EHN [Sophos], Trojan:Win32/Puzlice.A [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool
December 13th, 2009 AppCertDlls, Trojan
wincert.dll is a harmful program.
Name: wincert
Filename: wincert.dll
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls | AppSecDll
Command: C:\Windows\System32\wincert.dll
Startup Type: AppCertDlls
Description: trojan also known as Mal/Xilcter-A [Sophos]
How to remove: use Malwarebytes' Anti-Malware + Kaspersky virus removal tool