October 31st, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: WEb691
Filename: WEb691.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows Enterprise Suite
Command: C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows Enterprise Suite] "C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe" /s /d
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Enterprise Suite"=C:\Documents and Settings\All Users\Application Data\b6918f6\WEb691.exe [2009-10-30 1897472]
Description: part of Windows Enterprise Suite. Windows Enterprise Suite is a rogue antispyware program.
How to remove: use these Windows Enterprise Suite removal instructions
October 31st, 2009 O4, Rogue Antispyware/Antivirus, Run
BlockWatcher.exe is a harmful program.
Name: BlockWatcher
Filename: BlockWatcher.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockWatcher
Command: C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [BlockWatcher] C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlockWatcher"=C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe [2009-10-28 786944]
Description: part of BlockWatcher. BlockWatcher is a rogue antispyware program.
How to remove: use these BlockWatcher removal instructions
October 28th, 2009 LSP, O10, Rogue Antispyware/Antivirus
siglsp.dll is a harmful program.
Name: siglsp
Filename: siglsp.dll
Command: c:\program files\desktop defender 2010\siglsp.dll
Startup Type: Winsock LSP
HijackThis Category: O10
HijackThis Line:
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
Description: a component of Desktop Defender 2010 (rogue antispyware program)
How to remove: use these Desktop Defender 2010 removal instructions
October 28th, 2009 O4, Rogue Antispyware/Antivirus, Run
Desktop Defender 2010.exe is a harmful program.
Name: Desktop Defender 2010
Filename: Desktop Defender 2010.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Desktop Defender 2010
Command: C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Defender 2010"=C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe [2009-10-26 22007808]
Description: component of Desktop Defender 2010. Desktop Defender 2010 is a rogue antispyware program.
How to remove: use these Desktop Defender 2010 removal instructions
October 28th, 2009 BHO, O2, Rogue Antispyware/Antivirus
IEAddon.dll is a harmful program.
Name: IEAddon
Filename: IEAddon.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Command: C:\Program Files\Desktop Defender 2010\IEAddon.dll
CLSID: {CCB5551D-8594-4999-85F9-1E3EABCB95AC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
StatusBarPane Class - C:\Program Files\Desktop Defender 2010\IEAddon.dll [2009-06-12 57344]
Description: component of Desktop Defender 2010. Desktop Defender 2010 is a rogue antispyware program.
How to remove: use these Desktop Defender 2010 removal instructions
October 28th, 2009 O4, Rogue Antispyware/Antivirus, Run
SoftBarrier.exe is a harmful program.
Name: SoftBarrier
Filename: SoftBarrier.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftBarrier
Command: C:\Program Files\SoftBarrier Software\SoftBarrier\SoftBarrier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SoftBarrier] C:\Program Files\SoftBarrier Software\SoftBarrier\SoftBarrier.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftBarrier"=C:\Program Files\SoftBarrier Software\SoftBarrier\SoftBarrier.exe [2009-10-28 786944]
Description: component of SoftBarrier. SoftBarrier is a rogue antispyware program.
How to remove: use these SoftBarrier removal instructions
October 28th, 2009 O4, Run, Worm
freddy72.exe is a harmful program.
Name: freddy72
Filename: freddy72.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy72.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy71.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy72.exe [2009-10-27 73,728]
Description: component of the Koobface worm
How to remove: use HijackThis and Malwarebytes' Anti-Malware
October 27th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: VSeda.exe
Filename: VSeda.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Volcano Security Suite
Command: C:\Documents and Settings\All Users\Application Data\1dc89\VSeda.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Volcano Security Suite] "C:\Documents and Settings\All Users\Application Data\1dc89\VSeda.exe" /s /d
RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Volcano Security Suite"=C:\Documents and Settings\All Users\Application Data\1dc89\VSeda.exe [2009-10-27 2603521]
Description: component of Volcano Security Suite. Volcano Security Suite is a rogue antispyware program.
How to remove: use these Volcano Security Suite removal instructions
October 26th, 2009 O4, Run, Trojan
calc.dll is a harmful program.
Name: calc
Filename: calc.dll
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | calc
Command: C:\WINDOWS\system32\calc.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"calc"=rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
Description: a trojan that is installed together with the ntuser.dll and scandisk.dll trojans
How to remove: use HijackThis and Malwarebytes' Anti-Malware or Kaspersky Virus Removal Tool
October 26th, 2009 O4, Run, Trojan
ntuser.dll is a harmful program.
Name: ntuser
Filename: ntuser.dll
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | calc
Command: %UserProfile%\ntuser.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\username\ntuser.dll,_IWMPEvents@0
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"calc"=rundll32.exe C:\DOCUME~1\username\ntuser.dll,_IWMPEvents@0
Description: a trojan that is installed together with the scandisk.dll trojan
How to remove: use HijackThis and Malwarebytes' Anti-Malware or Kaspersky Virus Removal Tool