August 16th, 2009 AppInit DLLs, O20, Trojan
This is a harmful program.
Name: cru629
Filename: cru629.dat
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: cru629.dat
Description: component of braviax trojan
How to remove: use these braviax trojan removal instructions.
August 16th, 2009 O4, Run, Trojan
This is a harmful program.
Name: braviax
Filename: braviax.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | braviax
Command: C:\WINDOWS\system32\braviax.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
Description: component of trojan braviax that installs rogue antispyware programs.
How to remove: use these braviax removal instructions.
August 15th, 2009 O23, Rogue Antispyware/Antivirus, Service
This is a harmful program.
Name: WiniShieldSvc
Filename: WiniShieldSvc.exe
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: WiniShield Security Service (WiniShieldSvc) - Unknown owner - C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Description: component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions
August 15th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: WiniShield
Filename: WiniShield.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WiniShield
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WiniShield] C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe -min
Description: main component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions
August 3rd, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: PC_Antispyware2010
Filename: PC_Antispyware2010.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PC Antispyware 2010
Command: C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
Description: main file of PC Antispyware 2010 (rogue antispyware program)
How to remove: use these PC Antispyware 2010 removal instructions.
July 27th, 2009 File associations, Rogue Antispyware/Antivirus
This is a harmful program.
Name: desot
Filename: desot.exe
Registry key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
Command: D:\WINDOWS\system32\desot.exe
Startup Type: File associations
Combofix/RSIT Line:
.exe - open - D:\WINDOWS\system32\desot.exe "%1" %*
Description: component of Windows Antivirus Pro (rogue antivirus program)
How to remove: use these Windows Antivirus Pro removal instructions.
July 27th, 2009 O23, Rogue Antispyware/Antivirus, Service
This is a harmful program.
Name: svchast
Filename: svchast.exe
Command: C:\WINDOWS\svchast.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
Combofix/RSIT Line:
S2 AntipPro2009_12;AntipyPro_12; C:\WINDOWS\svchast.exe
Description: component of Windows Antivirus Pro (fake antivirus program)
How to remove: use these Windows Antivirus Pro removal instructions.
July 26th, 2009 autorun.inf, Worm
This is a harmful program.
Name: jwgkvsq
Filename: jwgkvsq.vmx
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}
Command: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
CLSID: {adaa1c54-332e-11de-bf44-001c25045ca7}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Description: component of Conficker worm also known as Kido worm
How to remove: use these Conficker removal instructions
July 26th, 2009 Driver, Trojan
This is a harmful program.
Name: sfc
Filename: sfc.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SFC
Command: C:\WINDOWS\system32\drivers\sfc.sys
Startup Type: Driver
Combofix/RSIT Line:
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys
Description: trojan Win32.Agent
How to remove: try Malwarebytes' Anti-Malware or ask for help at the Spyware removal forum.
July 26th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: AVCare
Filename: AVCare.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV Care
Command: C:\Program Files\AV Care\AvCare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AV Care] C:\Program Files\AV Care\AvCare.exe
Description: main file of AVCare (rogue antispyware program)
How to remove: use Malwarebytes' Anti-Malware or use these AVCare removal instructions.