WiniFighter.exe is the main file of WiniFighter

July 10th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WiniFighter
Filename: WiniFighter.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WiniFighter

Command: C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe -min
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [WiniFighter] C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe -min

Description: main file of WiniFighter (rogue antispyware program)

How to remove: use these WiniFighter removal instructions.

smrtdefp.exe is the main file of Smart Defender PRO

July 9th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: smrtdefp
Filename: smrtdefp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Smart Defender PRO

Command: %appdata%\Smart Defender PRO\smrtdefp.exe
Startup Type: HKCU
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Smart Defender PRO] %appdata%\Smart Defender PRO\smrtdefp.exe

Description: main file of Smart Defender PRO (rogue antispyware software)

How to remove: use these Smart Defender PRO removal instructions

systemdb.exe is the main file of Barracuda Antivirus

July 7th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: systemdb
Filename: systemdb.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | system

Command: C:\Windows\systemdb.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [system] C:\Windows\systemdb.exe

Description: main file of Barracuda Antivirus (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

WIf5bc.exe is the main file of Windows Security Suite

July 7th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WIf5bc
Filename: WIf5bc.exe (uses random names)
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows Security Suite

Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\WIf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Windows Security Suite] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\WIf5bc.exe" /s /d

Description: main file of Windows Security Suite (rogue antispyware program)

How to remove: use these Windows Security Suite removal instructions

ddrawx.dll is a component of USAntiSpy

July 4th, 2009 BHO, O2, Rogue Antispyware/Antivirus

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ddrawx
Filename: ddrawx.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}

Command: C:\WINDOWS\system32\ddrawx.dll
CLSID: {0B014B81-4E12-46F9-806F-55867AF8FD3C}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 - BHO: & - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\ddrawx.dll

Description: BHO component of USAntiSpy (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

usa.exe is the main file of USAntiSpy

July 4th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: usa
Filename: usa.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | USA

Command: C:\Program Files\USA\usa.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [USA] C:\Program Files\USA\usa.exe

Description: main file of USAntiSpy (rogue antispyware program)

How to remove: use Malwarebytes Antimalware

drv.sys is the Koobface worm

July 4th, 2009 Driver, O4, Service, SvcHost

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drv
Filename: drv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost | drv

Command: c:\program files\drv\drv.sys
Startup Type: driver, svchost
Combofix/RSIT Line:

R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/1/2009 2:55 PM 9344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

Description: worm Koobface also known as Win32.Agent.auoy, Trojan-Dropper.Agent

How to remove: use Malwarebytes Antimalware

twext.exe is a trojan [Zbot.gen, Infostealer.Banker]

July 4th, 2009 F2, system.ini, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: twext
Filename: twext.exe
Command: C:\WINDOWS\system32\twext.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

Description: trojan Infostealer.Banker, also known as Zbot, PWS-Zbot.gen.c, Mal/EncPk-CZ

How to remove: Malwarebytes Antimalware

oembios.exe is a trojan [Zbot.gen, Infostealer.Banker]

July 4th, 2009 O4, Run, Trojan

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: oembios
Filename: oembios.exe
Command: C:\WINDOWS\system32\oembios.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'Default user')

Description: trojan Zbot, also known as Infostealer.Banker, PWS-Zbot.gen.c, Mal/EncPk-CZ

How to remove: use Malwarebytes Antimalware

AntiMalware_Pro.exe is the main file of AntiMalwarePro

July 4th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiMalware_Pro
Filename: AntiMalware_Pro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiMalware_ProNET

Command: C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [AntiMalware_ProNET] C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe

Description: main file of AntiMalwarePro (rogue antispyware application)

How to remove: use Malwarebytes Antimalware