October 26th, 2009 O4, Startup folder, Trojan
This is a harmful program.
Name: scandisk
Filename: scandisk.dll
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 – Startup: scandisk.dll
O4 – Startup: scandisk.lnk = ?
Combofix/RSIT Line:
C:\Documents and Settings\Chie Cheng\Start Menu\Programs\Startup
scandisk.dll
scandisk.lnk – C:\WINDOWS\system32\rundll32.exe
Description: a trojan also known as Trojan.Win32.Opachki and Trojan.Win32.Scar
How to remove: use HijackThis or use Malwarebytes' Anti-Malware or use Kaspersky Virus Removal Tool
October 26th, 2009 O21, ShellServiceObjectDelayLoad, Trojan
mstmdm.dll is a harmful program.
Name: mstmdm
Filename: mstmdm.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | UpdateCheck
Command: C:\WINDOWS\system32\mstmdm.dll
CLSID: {3D232827-DCDB-455D-9B12-8F8C7DE41935}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:
O21 – SSODL: UpdateCheck – {3D232827-DCDB-455D-9B12-8F8C7DE41935} – C:\WINDOWS\system32\mstmdm.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UpdateCheck – {3D232827-DCDB-455D-9B12-8F8C7DE41935} – C:\WINDOWS\system32\mstmdm.dll
Description: a trojan also known as Trojan.Win32.Agent.bve
How to remove: use Kaspersky Virus Removal Tool
October 26th, 2009 Trojan
lsm32.sys is a harmful program.
Name: lsm32
Filename: lsm32.sys
Command: c:\windows\system32\lsm32.sys
Description: trojan agent, installed with the FastNetSrv.exe trojan
How to remove: use Malwarebytes' Anti-Malware or use SUPERAntiSpyware
October 26th, 2009 Service, Trojan
BtwSrv is a harmful program.
Name: BtwSrv
Filename: BtwSrv.dll
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv
Startup Type: Service
Combofix/RSIT Line:
R4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost – NetSvcs
BtwSrv
Description: trojan agent
How to remove: use Malwarebytes' Anti-Malware or use SUPERAntiSpyware
October 26th, 2009 O23, Service, Trojan
FastNetSrv.exe is a harmful program.
Name: FastNetSrv
Filename: FastNetSrv.exe
Command: c:\windows\SYSTEM32\FastNetSrv.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 – Service: fastnetsrv Service (fastnetsrv) – Sigma Designs In – C:\WINDOWS\system32\FastNetSrv.exe
Combofix/RSIT Line:
R2 fastnetsrv;fastnetsrv Service;c:\windows\SYSTEM32\FastNetSrv.exe [8/4/2004 6:00 AM 93696]
Description: trojan agent
How to remove: use Malwarebytes' Anti-Malware or use SUPERAntiSpyware
October 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
ShieldSafeness.exe is a harmful program.
Name: ShieldSafeness
Filename: ShieldSafeness.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ShieldSafeness
Command: C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [ShieldSafeness] C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ShieldSafeness”=C:\Program Files\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe [2009-10-25 785920]
Description: component of ShieldSafeness. ShieldSafeness.exe is a rogue antispyware program.
How to remove: use these ShieldSafeness removal instructions
October 24th, 2009 O4, Startup folder, Trojan
ikowin32.exe is a harmful program.
Name: ikowin32
Filename: ikowin32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 – Startup: ikowin32.exe
Description: a trojan that is installed with a rogue antispyware program (Antivirus Pro 2010, for example)
How to remove: use HijackThis + use Malwarebytes' Anti-Malware
October 24th, 2009 O4, Run, Trojan
restorer64_a.exe is a harmful program.
Name: restorer64_a
Filename: restorer64_a.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a
Command: C:\Documents and Settings\Nancy\restorer64_a.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 – HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Nancy\restorer64_a.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe
Description: a trojan that is installed with Antivirus Pro 2010 (rogue antispyware program)
How to remove: use HijackThis + use Malwarebytes' Anti-Malware
October 24th, 2009 O4, Rogue Antispyware/Antivirus, Run
rundll22.exe is a harmful program.
Name: rundll22
Filename: rundll22.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool
Command: C:\WINDOWS\rundll22.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [ttool] C:\WINDOWS\rundll22.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ttool”=C:\WINDOWS\rundll22.exe
Description: a trojan that is installed with Antivirus Pro 2010 (rogue antispyware program)
How to remove: use HijackThis + use Malwarebytes' Anti-Malware
October 24th, 2009 O4, Policies\Explorer\Run, Rogue Antispyware/Antivirus, Run
servises.Exe is a harmful program.
Name: servises
Filename: servises.Exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises
Command: C:\Windows\system32\servises.Exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
Description: a trojan that is installed with Antivirus System Pro (rogue antispyware program)
How to remove: use these Antivirus System Pro removal instructions.