June 12th, 2009 Driver, SvcHost, Trojan
This is a harmful program.
Name: podmena
Filename: podmena.sys
Command: c:\program files\podmena\podmena.sys
Startup Type: driver
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [6/8/2009 11:31 AM 9472]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [8/10/2004 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
podmena REG_MULTI_SZ podmena
Description: Trojan.Downloader
How to remove: use these podmena.sys removal instructions
June 12th, 2009 BHO, O2, Trojan
This is a harmful program.
Name: poswin
Filename: poswin.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F60777DA-D6A6-40F6-B665-6F361C1017B6}
Command: C:\WINDOWS\poswin.dll
CLSID: {F60777DA-D6A6-40F6-B665-6F361C1017B6}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: PLAsim plugin - {F60777DA-D6A6-40F6-B665-6F361C1017B6} - C:\WINDOWS\poswin.dll
Description: trojan FakeAlert
How to remove: use HijackThis + use Malwarebytes Antimalware
June 12th, 2009 O4, Run, Trojan
This is a harmful program.
Name: rs32net
Filename: rs32net.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | rs32net
Command: C:\WINDOWS\System32\rs32net.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rs32net"=C:\WINDOWS\System32\rs32net.exe
Description: rs32net.exe is a TrojanDropper, also known as Mal/Pushdo-A [Sophos], Trojan.Pandex [Symantec], FakeAlert-AG.gen.c [McAfee].
How to remove: Use HijackThis
June 12th, 2009 SafeBoot, Trojan
This is a harmful program.
Name: ati3xmxx
Filename: ati3xmxx.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xmxx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3xmxx.sys
Startup Type: SafeBoot
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3xmxx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3xmxx.sys]
Description: unknown trojan
June 12th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: brzycg
Filename: brzycg.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}
CLSID: {fd700ec2-fc05-11dd-b448-001fd00766ec}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd700ec2-fc05-11dd-b448-001fd00766ec}]
shell\AutoRun\command - brzycg.exe
shell\explore\command - brzycg.exe
shell\open\command - brzycg.exe
Description: an autorun.inf trojan
How to remove: read the article "How to remove trojans that use the autorun.inf file"
June 12th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: 96857956
Filename: 96857956.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 16847964
Command: C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [16847964] C:\Documents and Settings\All Users\Application Data\16847964\16847964.exe
Description: component of System Security (rogue antispyware program)
Note: System Security uses random file names to hide itself.
How to remove: use these System Security removal instructions.
June 10th, 2009 Driver, Trojan
This is a harmful program.
Name: MSIVXserv
Driver name: MSIVXserv.sys
Command: uses a random file name (e.g. %windir%\system32\drivers\MSIVXvquesrhnkoyrrnpgwdkuydpqnmoxfqba.sys)
Startup Type: hidden driver
Description: trojan that uses rootkit techniques in order to hide itself.
How to remove: use these MSIVXserv.sys removal instructions.
June 10th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: WindOptimizer
Filename: WindOptimizer.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Wind Optimizer
Command: C:\Program Files\Wind Optimizer\WindOptimizer.exe
Startup Type: HKCU
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Wind Optimizer] "C:\Program Files\Wind Optimizer\WindOptimizer.exe" /s
Description: main file of Wind Optimizer (rogue antispyware)
How to remove: use Malwarebytes Antimalware
June 4th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: xpdeluxe
Filename: xpdeluxe.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | xpprotect
Command: %UserProfile%\XP Deluxe Protector\xpdeluxe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\lab\XP Deluxe Protector\xpdeluxe.exe
Description: main file of XP Deluxe Protector (rogue antispyware program)
How to remove: use these XP Deluxe Protector removal instructions
June 4th, 2009 Trojan
This is a harmful program.
Name: iehostcx32
Filename: iehostcx32.dll
Command: c:\windows\system32\iehostcx32.dll
Description: trojan FakeAlert that is installed together with the XP Deluxe Protector rogue antispyware program.
How to remove: use Malwarebytes Anti-malware