What is malware-url.com, How to remove malware-url.com

November 5th, 2009 Rogue Antispyware/Antivirus

malware-url.com is a malicious website

The site was created to spread Alpha Antivirus. If your browser is redirected to malware-url.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 95.143.207.4
Site address: malware-url.com
Description: The site is used to promote the rogue antispyware program called Alpha Antivirus.

How to remove: use these Alpha Antivirus removal instructions in order to remove this infection.

What is BlockProtector.exe, How to remove BlockProtector.exe

November 4th, 2009 O4, Rogue Antispyware/Antivirus, Run

BlockProtector.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockProtector
Filename: BlockProtector.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BlockProtector.exe

Command: C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [BlockProtector.exe] C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockProtector.exe"=C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe [2009-11-05 772608]

Description: core component of BlockProtector. BlockProtector is a rogue antispyware program.

How to remove: use these BlockProtector removal instructions.

What is logon.exe, How to remove logon.exe

November 4th, 2009 F2, system.ini, Trojan

logon.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe logon.exe

Description: Trojan that is installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is sysnet.dll, How to remove sysnet.dll

November 4th, 2009 O21, ShellServiceObjectDelayLoad, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysnet
Filename: sysnet.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet

Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

Description: Trojan agent that is installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is csrss1.dll, How to remove csrss1.dll

November 4th, 2009 O20, Trojan, Winlogon\Notify

csrss1.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: csrss1
Filename: csrss1.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss

Command: c:\windows\system32\csrss1.dll
Startup Type: Winlogon Notify
HijackThis Category: O20
HijackThis Line:

O20 - Winlogon Notify: Csrss - c:\windows\system32\csrss1.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss]
2009-10-20 17:31 139264 ----a-w- c:\windows\system32\csrss1.dll

Description: unknown Trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is ossecure2009.microsoft.com, How to remove ossecure2009.microsoft.com

November 4th, 2009 O1, Rogue Antispyware/Antivirus

ossecure2009.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to ossecure2009.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 91.212.127.226
Site address: ossecure2009.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com

Description: ossecure2009.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is browser-security.microsoft.com, How to remove browser-security.microsoft.com

November 4th, 2009 O1, Rogue Antispyware/Antivirus

browser-security.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to browser-security.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 195.245.119.131
Site address: browser-security.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

Description: browser-security.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is winguard2009.microsoft.com, How to remove winguard2009.microsoft.com

November 4th, 2009 O1, Rogue Antispyware/Antivirus

winguard2009.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to winguard2009.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 91.212.127.226
Site address: winguard2009.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com

Description: winguard2009.microsoft.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is BlockKeeper.exe, How to remove BlockKeeper.exe

November 3rd, 2009 O4, Rogue Antispyware/Antivirus, Run

BlockKeeper.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockKeeper
Filename: BlockKeeper.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockKeeper

Command: C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [BlockKeeper] C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockKeeper"=C:\Program Files\BlockKeeper Software\BlockKeeper\BlockKeeper.exe [2009-11-03 830976]

Description: part of BlockKeeper. BlockKeeper is a rogue antispyware program.

How to remove: use these BlockKeeper removal instructions.

What is BlockScanner.exe, How to remove BlockScanner.exe

October 31st, 2009 O4, Rogue Antispyware/Antivirus, Run

BlockScanner.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockScanner
Filename: BlockScanner.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockScanner

Command: C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [BlockScanner] C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockScanner"=C:\Program Files\BlockScanner Software\BlockScanner\BlockScanner.exe [2009-10-31 830976]

Description: part of BlockScanner. BlockScanner is a rogue antispyware program.

How to remove: use these BlockScanner removal instructions.