December 7th, 2009 O4, Run, Trojan
raidhost.exe is a harmful program.
Name: raidhost
Filename: raidhost.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | raidhost
Command: C:\Windows\raidhost.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [raidhost] raidhost.exe
DDS Line:
mRun: [raidhost] raidhost.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"raidhost"=raidhost.exe
Description: trojan also known as Backdoor.Trojan [Symantec], Worm.Win32.AutoRun.gow [Kaspersky Lab], W32/Autorun.worm!fi [McAfee], Backdoor:Win32/IRCbot [Microsoft], Backdoor.Win32.IRCBot [Ikarus]
How to remove: use HijackThis + Kaspersky virus removal tool
December 7th, 2009 BHO, O2, Trojan
Corpor.dll is a harmful program.
Name: Corpor
Filename: Corpor.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}
Command: C:\Windows\System32\Corpor.dll
CLSID: {8FF40C83-9F3A-449C-8874-4C867931D5EA}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: IEE - {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll
DDS Line:
BHO: IEE: {8FF40C83-9F3A-449C-8874-4C867931D5EA} - C:\Windows\System32\Corpor.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FF40C83-9F3A-449C-8874-4C867931D5EA}]
IEE - C:\Windows\System32\Corpor.dll
Description: trojan also known as Trojan-Downloader.Win32.Agent.cwyk [Kaspersky Lab]
How to remove: use HijackThis + Malwarebytes' Anti-malware
December 7th, 2009 Rogue Antispyware/Antivirus
Winsecure2010.microsoft.com is a malicious website
The site was created to spread Antivirus System Pro. If your browser is redirected to Winsecure2010.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
Site address: Winsecure2010.microsoft.com
Description: Winsecure2010.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus System Pro.
How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.
December 5th, 2009 O4, Run, Trojan
sysdiag64.exe is a harmful program.
Name: sysdiag64
Filename: sysdiag64.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MSN
Command: C:\Windows\sysdiag64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [MSN] C:\Windows\sysdiag64.exe
DDS Line:
uRun: [MSN] C:\Windows\sysdiag64.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSN"=C:\Windows\sysdiag64.exe
Description: trojan
How to remove: use HijackThis + SUPERAntiSpyware
December 5th, 2009 O4, Run, Trojan
winhbt.exe is a harmful program.
Name: winhbt
Filename: winhbt.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | winhbt.exe
Command: %Temp%\winhbt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [winhbt.exe] %Temp%\winhbt.exe
DDS Line:
uRun: [winhbt.exe] %Temp%\winhbt.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winhbt.exe"=%Temp%\winhbt.exe
Description: trojan FakeAV
How to remove: use HijackThis + Malwarebytes' Anti-malware
December 5th, 2009 O4, Run, Trojan
richtx64.exe is a harmful program.
Name: richtx64
Filename: richtx64.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | richtx64.exe
Command: %Temp%\richtx64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe
DDS Line:
uRun: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"richtx64.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe
Description: trojan FakeAlert
How to remove: use these richtx64.exe (trojan FakeAlert) removal instructions.
December 5th, 2009 BHO, O2, Trojan
ieso0.dll is a harmful program.
Name: ieso0
Filename: ieso0.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
Command: C:\Windows\System32\ieso0.dll
CLSID: {CE7C3CF0-4B15-11D1-ABED-709549C10000}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: IEHlprObj - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Windows\System32\ieso0.dll
DDS Line:
BHO: IEHlprObj: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Windows\System32\ieso0.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj - C:\Windows\System32\ieso0.dll
Description: component of the autorun.inf trojan. It is installed with kxvo.exe.
How to remove: use HijackThis + these autorun.inf trojans removal instructions
December 5th, 2009 O4, Run, Trojan
kxvo.exe is a harmful program.
Name: kxvo
Filename: kxvo.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kxva
Command: C:\WINDOWS\system32\kxvo.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
DDS Line:
uRun: [kxva] C:\WINDOWS\system32\kxvo.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kxva"=C:\WINDOWS\system32\kxvo.exe
Description: trojan also known as W32.Gammima [Symantec], Trojan.Win32.Vaklik.yl [Kaspersky Lab], PWS-Gamania.gen.a [McAfee], TROJ_VAKLIK.EQ [Trend Micro], Mal/EncPk-CE [Sophos], Worm:Win32/Taterf.B [Microsoft], Dropper/Malware.158261 [AhnLab]. It uses autorun.inf files to spread itself.
How to remove: use these autorun.inf trojans removal instructions
December 4th, 2009 O4, Run, Trojan
essledv.exe is a harmful program.
Name: essledv
Filename: essledv.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool
Command: C:\Windows\essledv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [ttool] C:\Windows\essledv.exe
DDS Line:
uRun: [ttool] C:\Windows\essledv.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ttool"=C:\Windows\essledv.exe
Description: trojan also known as Trojan.Generic [PCTools], Trojan Horse [Symantec], Trojan-PSW.Win32.Papras.og [Kaspersky Lab], Troj/PWS-BFX [Sophos]
How to remove: use HijackThis + Kaspersky virus removal tool
December 4th, 2009 O4, Run, Trojan
regsvr.exe is a harmful program.
Name: regsvr
Filename: regsvr.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Msn Messsenger
Command: C:\Windows\System32
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Msn Messsenger] C:\Windows\System32\regsvr.exe
DDS Line:
uRun: [Msn Messsenger] C:\Windows\System32\regsvr.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Msn Messsenger"=C:\Windows\System32\regsvr.exe
Description: trojan also known as W32.Imaut [Symantec], Worm.Win32.AutoIt.x, not-a-virus:Monitor.Win32.Ardamax.ae [Kaspersky Lab], W32/Autorun.worm.bm [McAfee], Mal/Generic-A [Sophos], VirTool:Win32/ModTool.A [Microsoft]
How to remove: use HijackThis + Kaspersky virus removal tool