freddy66.exe is part of worm Koobface

Comments
September 29th, 2009 O4, Run, Worm

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy66
Filename: freddy66.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: c:\windows\freddy66.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy66.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=c:\windows\freddy66.exe [2009-09-25 77824]

Description: part of worm Koobface that takes over computers by spreading through the social networks

How to remove: use Malwarebytes` Anti-malware

How to remove SecureVeteran.exe, What is SecureVeteran.exe

Comments
September 29th, 2009 O4, Rogue Antispyware/Antivirus, Run

SecureVeteran.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecureVeteran
Filename: SecureVeteran.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureVeteran

Command: C:\Program Files\SecureVeteran Software\SecureVeteran\SecureVeteran.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecuritySoldier] C:\Program Files\SecureVeteran Software\SecureVeteran\SecureVeteran.exe -min

Description: main file of SecureVeteran rogue antispyware program

How to remove: use these SecureVeteran removal instructions

iehelpmod.dll is trojan fakeAlert

Comments
September 29th, 2009 BHO, O2, Rogue Antispyware/Antivirus, Trojan

iehelpmod.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: iehelpmod
Filename: iehelpmod.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\iehelpmod.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &IE Help – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\iehelpmod.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&IE Help – C:\WINDOWS\system32\iehelpmod.dll [2009-09-29 336896]

Description: trojan fakeAlert that installed by Total Security rogue antispyware program

How to remove: use these Total Security removal instructions

NDISRD.sys is trojan

Comments
September 28th, 2009 Driver, Rogue Antispyware/Antivirus, Trojan

NDISRD.sys is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: NDISRD
Filename: NDISRD.sys
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NDISRD

Command: C:\WINDOWS\system32\drivers\NDISRD.sys
Startup Type: Driver
Combofix/RSIT Line:

S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576

Description: trojan also known as TrojanDownloader, it installed with Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

msnaoladdon.dll is trojan.bho

Comments
September 28th, 2009 BHO, O2, Rogue Antispyware/Antivirus, Trojan

msnaoladdon.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msnaoladdon
Filename: msnaoladdon.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}

Command: C:\WINDOWS\system32\msnaoladdon.dll
CLSID: {A77D3539-581D-450C-9E44-A84C415A6172}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {A77D3539-581D-450C-9E44-A84C415A6172} – C:\WINDOWS\system32\msnaoladdon.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}]
C:\WINDOWS\system32\msnaoladdon.dll [2009-09-26 403968]

Description: trojan that installed by Alpha Antivirus (fake antivirus application)

How to remove: use these Alpha Antivirus removal instructions

NetFilter.exe is trojan Agent

Comments
September 28th, 2009 O4, Rogue Antispyware/Antivirus, Run, Trojan

NetFilter.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: NetFilter
Filename: NetFilter.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | MSDRV

Command: C:\WINDOWS\system32\NetFilter.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [MSDRV] NetFilter.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“MSDRV”=C:\WINDOWS\system32\NetFilter.exe [2009-09-23 122880]

Description: trojan that installed by Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

How to remove AlphaAV.exe, What is AlphaAV.exe

Comments
September 28th, 2009 O4, Rogue Antispyware/Antivirus, Run

AlphaAV.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AlphaAV
Filename: AlphaAV.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AlphaAV

Command: C:\Program Files\AlphaAV\AlphaAV.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AlphaAV”=C:\Program Files\AlphaAV\AlphaAV.exe [2009-09-26 1581056]

Description: main file of Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

How to remove SecuritySoldier.exe, What is SecuritySoldier.exe

Comments
September 26th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecuritySoldier
Filename: SecuritySoldier.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecuritySoldier

Command: C:\Program Files\SecuritySoldier Software\SecuritySoldier\SecuritySoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecuritySoldier] C:\Program Files\SecuritySoldier Software\SecuritySoldier\SecuritySoldier.exe -min

Description: main component of SecuritySoldier rogue antispyware program

How to remove: use these SecuritySoldier removal instructions

How to remove SecurityFighter.exe, What is SecurityFighter.exe

Comments
September 24th, 2009 O4, Rogue Antispyware/Antivirus, Run

SecurityFighter.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecurityFighter
Filename: SecurityFighter.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurityFighter

Command: C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecurityFighter] C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe -min

Description: main file of SecurityFighter fake antispyware program

How to remove: use these SecurityFighter removal instructions

wsn.bat is component of Green AV

Comments
September 22nd, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wsn
Filename: wsn.bat
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM NUMBERS

Command: C:\ProgramData\gra\wsn.bat
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [RANDOM NUMBERS] C:\ProgramData\gwr\wsn.bat
O4 – HKCU\..\Run: [RANDOM NUMBERS] C:\ProgramData\gra\wsn.bat

Description: component of Green AV rogue antivirus/antispyware program

How to remove: use these Green AV removal instructions

« Previous Entries
Next Entries »