December 8th, 2009 Trojan
lib.dll is a harmful program.
Name: lib
Filename: lib.dll
Command: C:\Program Files\Shared\lib.dll
Description: Trojan.BHO [MalwareBytes Anti-malware]
How to remove: use Malwarebytes' Anti-Malware
December 8th, 2009 O4, Run, Worm
mstre25.exe is a harmful program.
Name: mstre25
Filename: mstre25.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray
Command: C:\windows\mstre25.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [SySmstray] C:\windows\mstre25.exe
DDS Line:
mRun: [SySmstray] C:\windows\mstre25.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SySmstray"=c:\windows\mstre25.exe
Description: component of Koobface worm.
How to remove: use these Koobface removal instructions.
December 8th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: name
Filename: filename
Registry key:
Command: C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [RANDOM_NUMBERS] C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe
DDS Line:
mRun: [RANDOM_NUMBERS] C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RANDOM_NUMBERS"=C:\Documents and Settings\All Users\Application Data\RANDOM_NUMBERS\RANDOM_NUMBERS.exe
Description: core component of Security Tool. Security Tool is a rogue antispyware program.
How to remove: use these Security Tool removal instructions.
December 8th, 2009 O4, Rogue Antispyware/Antivirus, Run
AntiTroy.exe is a harmful program.
Name: AntiTroy
Filename: AntiTroy.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | antitroy.exe
Command: C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [antitroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe
DDS Line:
uRun: [antitroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"antitroy.exe"=C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe
Description: core component of AntiTroy. AntiTroy is a rogue antispyware program.
How to remove: use these AntiTroy removal instructions.
December 7th, 2009 O4, Startup folder, Trojan
This is a harmful program.
Name: siszyd32
Filename: siszyd32.exe
Command: %userProfile%\start menu\programs\startup\siszyd32.exe
Startup Type: StartUp folder
HijackThis Category: O4
HijackThis Line:
O4 - Startup: siszyd32.exe
DDS Line:
StartupFolder: c:\documents and settings\user\start menu\programs\startup\siszyd32.exe
Combofix/RSIT Line:
C:\Documents and Settings\user\Start Menu\Programs\Startup
siszyd32.exe
Description: trojan
How to remove: use HijackThis + Kaspersky virus removal tool
December 7th, 2009 O4, Run, Trojan
av_md.exe is a harmful program.
Name: av_md
Filename: av_md.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | av_md
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | av_md
Command:
%WinDir%\system32\av_md.exe
%UserProfile%\av_md.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'Default user')
DDS Line:
mRun: [av_md] C:\WINDOWS\system32\av_md.exe
uRun: [av_md] C:\Documents and Settings\user\av_md.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\WINDOWS\system32\av_md.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\Documents and Settings\user\av_md.exe
Description: trojan also known as Trojan.Pandex [Symantec], Backdoor.Win32.HareBot.alo [Kaspersky Lab], Mal/Generic-A [Sophos]
How to remove: use HijackThis + Kaspersky virus removal tool
December 7th, 2009 O4, Policies\Explorer\Run, Run, Trojan
ccdrive32.exe is a harmful program.
Name: ccdrive32
Filename: ccdrive32.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup
Command: C:\Windows\ccdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
O4 - HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
DDS Line:
mRun: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=C:\Windows\ccdrive32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Driver Setup"=C:\Windows\ccdrive32.exe
Description: trojan also known as Trojan.Win32.Buzus.crty [Kaspersky Lab], Worm:Win32/Pushbot.gen [Microsoft]
How to remove: use HijackThis + Malwarebytes' Anti-Malware
December 7th, 2009 O4, Rogue Antispyware/Antivirus, Run
[random]sysguard.exe is a harmful program.
Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]
Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category:
HijackThis Line:
O4 - HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
DDS Line:
mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
Description: core part of Antivirus Live. Antivirus Live is a rogue antispyware program.
How to remove: use these Antivirus Live removal instructions.
December 7th, 2009 O4, Run, Trojan
mydpla.exe is a harmful program.
Name: mydpla
Filename: mydpla.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Technology NT
Command: C:\Windows\System32\mydpla.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Technology NT] C:\Windows\System32\mydpla.exe
DDS Line:
mRun: [Technology NT] C:\Windows\System32\mydpla.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Technology NT"=C:\Windows\System32\mydpla.exe
Description: trojan also known as Trojan-Banker.Win32.Banker.apxq [Kaspersky Lab]
How to remove: use HijackThis + Kaspersky virus removal tool
December 7th, 2009 O4, Run, Trojan
ntfs_ext7.exe is a harmful program.
Name: ntfs_ext7
Filename: ntfs_ext7.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | NTFS_ext_drv
Command: \\?\globalroot\Windows\System32\ntfs_ext7.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe
DDS Line:
mRun: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NTFS_ext_drv"=\\?\globalroot\Windows\System32\ntfs_ext7.exe
Description: trojan agent
How to remove: use HijackThis