December 1st, 2009 O4, Run, Trojan
photo_id.exe is a harmful program.
Name: photo_id
Filename: photo_id.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
Command:
C:\WINDOWS\system32\photo_id.exe
%UserProfile%\photo_id.exe
C:\WINDOWS\system32\config\systemprofile\photo_id.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 - HKCU\..\Run: [photo_id] C:\Documents and Settings\user\photo_id.exe
O4 - HKUS\S-1-5-18\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User 'Default user')
DDS Line:
mRun: [photo_id] C:\WINDOWS\system32\photo_id.exe
uRun: [photo_id] C:\Documents and Settings\user\photo_id.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"photo_id"=C:\WINDOWS\system32\photo_id.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"photo_id"=C:\Documents and Settings\user\photo_id.exe
Description: trojan
How to remove: use HijackThis + Malwarebytes' Anti-malware
December 1st, 2009 autorun.inf, Trojan
pbudsara.exe is a harmful program.
Name: pbudsara
Filename: pbudsara.exe
Command: c:\pbudsara.exe
Startup Type: autorun.inf
Description: trojan that uses autorun.inf files to spread itself
How to remove: use these autorun.inf trojans removal instructions
December 1st, 2009 autorun.inf, O4, Run, Trojan
herss.exe is a harmful program.
Name: herss
Filename: herss.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft
Command: %Temp%\herss.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [cdoosoft] %Temp%\herss.exe
DDS Line:
uRun: [cdoosoft] %Temp%\herss.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=%Temp%\herss.exe
Description: trojan also known as Trojan-GameThief.Win32.Magania.cmla [Kaspersky Lab], Mal/Taterf-A [Sophos], Worm:Win32/Taterf.B [Microsoft], Trojan.Win32.Inhoo [Ikarus]
How to remove: use HijackThis + these autorun.inf trojans removal instructions.
December 1st, 2009 O4, Policies\Explorer\Run, Run, Trojan
wind7upd.exe is a harmful program.
Name: wind7upd
Filename: wind7upd.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
Command: C:\Windows\wind7upd.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4:HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
O4:HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
DDS Line:
mRun: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Driver Setup"=C:\Windows\wind7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=C:\Windows\wind7upd.exe
Description: trojan downloader
How to remove: use HijackThis + Malwarebytes' Anti-malware
December 1st, 2009 LSP, O10, Rogue Antispyware/Antivirus, Trojan
winhelper86.dll is a harmful program.
Name: winhelper86
Filename: winhelper86.dll
Command: C:\WINDOWS\system32\winhelper86.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
MalwareBytes Anti-malware Log Line:
C:\WINDOWS\system32\winhelper86.dll (Trojan.Fakeinit)
Combofix:
LSP: c:\windows\system32\winhelper86.dll
Description: trojan that is installed with Advanced Virus Remover
How to remove: use LSP Fix or these Advanced Virus Remover removal instructions.
December 1st, 2009 Rogue Antispyware/Antivirus
Winwarepro2010.microsoft.com is a malicious website.
The site was created to spread Antivirus System Pro. If your browser is redirected to Winwarepro2010.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.
Site address: Winwarepro2010.microsoft.com
Description: Winwarepro2010.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus System Pro.
How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.
December 1st, 2009 O4, Rogue Antispyware/Antivirus, Run
AntiAdd.exe is a harmful program.
Name: AntiAdd
Filename: AntiAdd.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiAdd.exe
Command: C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AntiAdd.exe] C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe
DDS Line:
uRun: [AntiAdd.exe] C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiAdd.exe"=C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe [2009-12-01 1638400]
Description: core component of AntiAdd. AntiAdd is a rogue antispyware program.
How to remove: use these AntiAdd removal instructions.
November 29th, 2009 O4, Run, Trojan
This is a harmful program.
Name: sys64_nov
Filename: sys64_nov.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov
Command:
%WinDir%\system32\sys64_nov.exe
%UserProfile%\sys64_nov.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 - HKCU\..\Run: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe
DDS Line:
mRun: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
uRun: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sys64_nov"=C:\WINDOWS\system32\sys64_nov.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sys64_nov"=C:\Documents and Settings\user\sys64_nov.exe
Description: trojan agent that is installed with rogue antispyware programs
How to remove: use HijackThis + Malwarebytes' Anti-malware
November 28th, 2009 O4, Run, Trojan
sshnas.dll is a harmful program.
Name: sshnas
Filename: sshnas.dll
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SSHNAS
Command: C:\Windows\system32\sshnas.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
DDS Line:
uRun: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SSHNAS"=rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
Description: component of trojan FakeAlert
How to remove: use these sshnas.dll removal instructions.
November 28th, 2009 F2, system.ini, Trojan
winlogon86.exe is a harmful program.
Name: winlogon86
Filename: winlogon86.exe
Command: C:\WINDOWS\system32\winlogon86.exe
Startup Type: System.ini
HijackThis Category: F2
HijackThis Line:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
Description: trojan that is installed with a rogue antispyware program.
How to remove: use HijackThis + Malwarebytes' Anti-malware