wsga05.exe is a component of Green AV

September 22nd, 2009 Rogue Antispyware/Antivirus, Trojan

wsga05.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wsga05
Filename: wsga05.exe
Command: C:\ProgramData\gra\wsga05.exe
Description: trojan Agent installed by Green AV fake antivirus program

How to remove: use these Green AV removal instructions

What is SaveArmor.exe, How to remove SaveArmor.exe

September 21st, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveArmor
Filename: SaveArmor.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveArmor

Command: C:\Program Files\SaveArmor Software\SaveArmor\SaveArmor.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SaveArmor] C:\Program Files\SaveArmor Software\SaveArmor\SaveArmor.exe -min

Description: main component of SaveArmor rogue antispyware program

How to remove: use these SaveArmor removal instructions

What is SaveDefender.exe, How to remove SaveDefender.exe

September 21st, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveDefender
Filename: SaveDefender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveDefender

Command: C:\Program Files\SaveDefender Software\SaveDefender\SaveDefender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SaveDefender] C:\Program Files\SaveDefender Software\SaveDefender\SaveDefender.exe -min

Description: main file of SaveDefender rogue antispyware program

How to remove: use these SaveDefender removal instructions

revulazo.dll is trojan Vundo

September 20th, 2009 Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: revulazo
Filename: revulazo.dll
Command: c:\windows\system32\revulazo.dll
Description: component of the Vundo trojan

How to remove: use Malwarebytes' Anti-malware + use SUPERAntiSpyware

wogipute.dll is trojan Vundo

September 20th, 2009 BHO, O2, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wogipute
Filename: wogipute.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}

Command: c:\windows\system32\wogipute.dll
CLSID: {6933d543-b109-40aa-9185-58ccc8241c09}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: (no name) - {6933d543-b109-40aa-9185-58ccc8241c09} - c:\windows\system32\wogipute.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}]
2009-06-20 03:46 50688 --sha-w- c:\windows\system32\wogipute.dll

Description: trojan Vundo that installs rogue antispyware programs

How to remove: use Malwarebytes' Anti-malware

gitabiga.dll is trojan Vundo

September 20th, 2009 O21, O22, O4, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gitabiga
Filename: gitabiga.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | derijidob
hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler | {e826441e-0920-4e05-9b2c-84189ccd7cba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | gefiraled

Command: c:\windows\system32\gitabiga.dll
CLSID: {e826441e-0920-4e05-9b2c-84189ccd7cba}
Startup Type: HKLM->Run, SharedTaskScheduler, ShellServiceObjectDelayLoad
HijackThis Category: O4, O21, O22
Combofix/RSIT Line:

2009-09-19 01:46 . 2009-06-19 01:46 88576 --sha-w- c:\windows\system32\gitabiga.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"derijidob"="c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e826441e-0920-4e05-9b2c-84189ccd7cba}"= "c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gefiraled"= {e826441e-0920-4e05-9b2c-84189ccd7cba} - c:\windows\system32\gitabiga.dll [2009-09-19 88576]

Description: trojan Vundo

How to remove: use Malwarebytes' Anti-malware

ise32.exe is autorun.inf trojan

September 20th, 2009 autorun.inf, Trojan

ise32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ise32
Filename: ise32.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}

Command: E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
CLSID: {dac57b3a-30d1-11dd-ad23-0008a1a9244d}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Description: autorun.inf trojan also known as Trojan-DDoS.Win32.Agent

How to remove: use these autorun.inf trojans removal instructions + use Kaspersky virus removal tool

dwshd.sys is trojan Win32.Agent

September 20th, 2009 Driver, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dwshd
Filename: dwshd.sys
Command: C:\WINDOWS\System32\drivers\dwshd.sys
Startup Type: Driver
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwshd.sys]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

Description: trojan also known as trojan.Win32Agent.

How to remove: use Kaspersky virus removal tool

mradll.exe is a component of Green AV

September 20th, 2009 O4, Rogue Antispyware/Antivirus, Run

mradll.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mradll
Filename: mradll.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM CHARACTERS

Command: C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [RANDOM CHARACTERS] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe

Description: component of Green AV also known as Green Antivirus (rogue antispyware program)

How to remove: use these Green AV removal instructions

rwg.exe is a component of Green AV

September 20th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rwg
Filename: rwg.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM CHARACTERS

Command: C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [RANDOM CHARACTERS] C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe

Description: component of Green AV rogue antivirus program

How to remove: use these Green AV removal instructions