October 7th, 2009 
O4, Rogue Antispyware/Antivirus, Run
SafeFighter.exe is a harmful program.
Name: SafeFighter
Filename: SafeFighter.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SafeFighter
Command: command
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [SafeFighter] C:\Program Files\SafeFighter Software\SafeFighter\SafeFighter.exe -min
RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SafeFighter”=C:\Program Files\SafeFighter Software\SafeFighter\SafeFighter.exe [2009-10-08 831488]
Description: part of SafeFighter. SafeFighter is a scareware that utilizes false scan results and fake security alerts as method to scare you into buying the software.
How to remove: use these SafeFighter removal instructions.
October 7th, 2009 Rogue Antispyware/Antivirus
tsc.exe is a harmful program.
Name: tsc
Filename: tsc.exe
Command: C:\program Files\CS\tsc.exe
Description: part of Cyber Security. Cyber Security is fake security program (scareware).
Removal instructions: How to remove Cyber Security (Uninstall instructions)
October 5th, 2009 O4, Rogue Antispyware/Antivirus, Run
TrustCop.exe is a harmful program.
Name: TrustCop
Filename: TrustCop.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustCop
Command: C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [TrustCop] C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TrustCop”=C:\Program Files\TrustCop Software\TrustCop\TrustCop.exe [2009-10-06 786432]
Description: main file of TrustCop. TrustCop is a fake antispyware program.
Removal instructions: How to Remove TrustCop (Uninstall instructions).
October 2nd, 2009 O4, Rogue Antispyware/Antivirus, Run
SecureWarrior.exe is a harmful program.
Name: SecureWarrior
Filename: SecureWarrior.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureWarrior
Command: C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [SecureWarrior] C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SecureWarrior”=C:\Program Files\SecureWarrior Software\SecureWarrior\SecureWarrior.exe [2009-10-02 830976]
Description: main component of SecureWarrior rogue antispyware software
How to remove: use these SecureWarrior removal instructins
October 1st, 2009 HijackThis
This is a harmful program.
Name: homeav
Filename: homeav.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | HomeAV
Command: C:\Program Files\Home Personal Antivirus\homeav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [HomeAV] C:\Program Files\Home Personal Antivirus\homeav.exe
Description: component of Home Personal Antivirus (rogue antispyware program)
How to remove: use these Home Personal Antivirus removal instructions
September 30th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: SecureFighter
Filename: SecureFighter.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureFighter
Command: C:\Program Files\SecureFighter Software\SecureFighter\SecureFighter.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [SecureFighter] C:\Program Files\SecureFighter Software\SecureFighter\SecureFighter.exe -min
Description: component of SecureFighter rogue antispyware program
How to remove: use these SecureFighter removal instructions
September 29th, 2009 Driver, Trojan
This is a harmful program.
Name: fio32
Filename: fio32.sys
Command: C:\Windows\system32\drivers\fio32.sys
Startup Type: Driver
Combofix/RSIT Line:
R1 fio32;fio32; \??\C:\Windows\system32\drivers\fio32.sys [2009-09-23 37632]
Description: trojan that installed by worm koobface
How to remove: use Malwarebytes` Anti-malware
September 29th, 2009 SvcHost, Trojan
This is a harmful program.
Name: fioo32
Startup Type: SvcHost
Combofix/RSIT Line:
R2 fioo32;fioo32; C:\Windows\sYSteM32\SvchOst.eXE [2008-01-19 21504]
Description: trojan dropper that installed by worm koobface
How to remove: use Malwarebytes` Anti-malware
September 29th, 2009 O4, Run, Worm
This is a harmful program.
Name: ld14
Filename: ld14.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray
Command: C:\Windows\ld14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [sysldtray] C:\Windows\ld14.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysldtray”=C:\Windows\ld14.exe [2009-09-23 61440]
Description: component of worm koobface, that takes over computers by spreading through the social networks
How to remove: use Malwarebytes` Anti-malware
September 29th, 2009 O4, Run, Worm
This is a harmful program.
Name: pp12
Filename: pp12.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp
Command: C:\Windows\pp12.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [pp] C:\Windows\pp12.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“pp”=C:\Windows\pp12.exe [2009-09-23 49152]
Description: component of worm koobface
How to remove: use Malwarebytes` Anti-malware
