December 13th, 2009 O23, Service, Trojan
svchust.exe is a harmful program.
Name: svchust
Filename: svchust.exe
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Net_Login
Command: c:\windows\svchust.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: Net_Login (Net_Login) - Sigma Designs In - C:\WINDOWS\svchust.exe
DDS/Combofix/RSIT Line:
R2 Net_Login;Net_Login;c:\windows\svchust.exe
Description: trojan also known as W32.Pinfi [Symantec], Virus.Win32.Parite.b [Kaspersky Lab], W32/Pate.b [McAfee], PE_PARITE.A [Trend Micro], W32/Parite-B [Sophos], Virus:Win32/Parite.B [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
December 13th, 2009 O4, Run, Trojan
notepad.dll is a harmful program.
Name: notepad
Filename: notepad.dll
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad
Command: c:\windows\system32\notepad.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
DDS Line:
uRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0
Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
December 13th, 2009 O4, Run, Trojan
ntload.dll is a harmful program.
Name: ntload
Filename: ntload.dll
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad
Command: %UserProfile%\ntload.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0
DDS Line:
uRun: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0
Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]
How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool
December 12th, 2009 O4, Run, Worm
mstre26.exe is a harmful program.
Name: mstre26
Filename: mstre26.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray
Command: c:\windows\mstre26.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [SySmstray] C:\windows\mstre26.exe
DDS Line:
mRun: [SySmstray] C:\windows\mstre26.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SySmstray"=c:\windows\mstre26.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
December 11th, 2009 O4, Rogue Antispyware/Antivirus, Run
IGuardPc.exe is a harmful program.
Name: IGuardPc
Filename: IGuardPc.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | IGuardPc.exe
Command: C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [IGuardPc.exe] C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe
DDS Line:
uRun: [IGuardPc.exe] C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IGuardPc.exe"=C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe [2009-12-12 1798144]
Description: core component of IGuardPc. IGuardPc is a rogue antispyware program.
How to remove: use these IGuardPc removal instructions.
December 11th, 2009 O4, Run, Worm
ld16.exe is a harmful program.
Name: ld16
Filename: ld16.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray
Command: C:\windows\ld16.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld16.exe
DDS Line:
mRun: [sysldtray] C:\windows\ld16.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=C:\windows\ld16.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
December 11th, 2009 O4, Run, Worm
pp13.exe is a harmful program.
Name: pp13
Filename: pp13.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp
Command: C:\Windows\pp13.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [pp] C:\Windows\pp13.exe
DDS Line:
mRun: [pp] C:\Windows\pp13.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pp"=C:\Windows\pp13.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
December 11th, 2009 O4, Run, Worm
freddy76.exe is a harmful program.
Name: freddy76
Filename: freddy76.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy76.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy76.exe
DDS Line:
mRun: [sysfbtray] C:\windows\freddy76.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy76.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
December 10th, 2009 O4, Rogue Antispyware/Antivirus, Run
IS2010.exe is a harmful program.
Name: IS2010
Filename: IS2010.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Internet Security 2010
Command: C:\Program Files\InternetSecurity2010\IS2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
DDS Line:
uRun: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-11 1391616]
Description: core component of Internet Security 2010. Internet Security 2010 is a rogue antispyware program.
How to remove: use these Internet Security 2010 removal instructions.
December 10th, 2009 O4, Rogue Antispyware/Antivirus, Run
SiteAdware.exe is a harmful program.
Name: SiteAdware
Filename: SiteAdware.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SiteAdware.exe
Command: C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SiteAdware.exe] C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe
DDS Line:
uRun: [SiteAdware.exe] C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SiteAdware.exe"=C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe [2009-12-11 1638912]
Description: core component of SiteAdware. SiteAdware is a rogue antispyware program.
How to remove: use these SiteAdware removal instructions.