April 27th, 2009 
O23, Rogue Antispyware/Antivirus, Service
This is a harmful program.
Name: svchost
Filename: svchost.exe
Command: C:\WINDOWS\svchost.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 – Service: AntipyWarex32_ (AntipWinsx32_) – Unknown owner – C:\WINDOWS\svchost.exe
Description: malware, component of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
April 27th, 2009 O4, Rogue Antispyware/Antivirus, Startup folder
This is a harmful program.
Name: WinAntivirus
Filename: WinAntivirus.exe
Command: C:\Program Files\Win-Antivirus\WinAntivirus.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 – Startup: ASC-AntiSpyware.lnk = C:\Program Files\Win-Antivirus\WinAntivirus.exe
Description: main file of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
April 27th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: dddesot
Filename: dddesot.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}
Command: C:\WINDOWS\system32\dddesot.dll
CLSID: {F54AF7DE-6038-4026-8433-CC30E3F17212}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: ICQSys (IE PlugIn) – {F54AF7DE-6038-4026-8433-CC30E3F17212} – C:\WINDOWS\system32\dddesot.dll
Description: trojan.bho, component of Win Antivirus and ASC AntiSpyware (rogue antivirus programs)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
April 27th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: IEPlugin163
Filename: IEPlugin163.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Command: C:\Program Files\Win-Antivirus\modules\IEPlugin163.dll<
CLSID: {2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: AntiSyware (IE PlugIn) – {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} – C:\Program Files\Win-Antivirus\modules\IEPlugin163.dll
Description: trojan.bho, component of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
April 27th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: Malware Doctor
Filename: Malware Doctor.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Alcmtr
Command: C:\Program Files\Malware Doctor\Malware Doctor.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Alcmtr] C:\Program Files\Malware Doctor\Malware Doctor.exe
Description: main file of Malware Doctor (rogue antispyware program)
How to remove: use the instructions How to remove MalwareDoc or Malware Doctor (Delete instructions)
April 26th, 2009 Driver, Rootkit, Trojan
This is a harmful program.
Name: UACd
Filename: UACd.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_UACd.sys
Startup Type: hidden driver
Description: trojan that uses rootkit-specific techniques designed to hide itself.
How to remove: use the instruction How to remove windowsclick.com redirect [UACd.sys trojan]
April 26th, 2009 Driver, Rootkit, Trojan
This is a harmful program.
Name: gaopdxserv
Filename: gaopdxserv.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gaopdxserv.sys
Startup Type: hidden driver
Description:variant of TDSSserv trojan (uses rootkit-specific techniques designed to hide the software presence in the system.)
How to remove: use the instruction How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: winav
Filename: winav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysav
Command: %UserProfile%\Application Data\winav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [sysav] %UserProfile%\Application Data\winav.exe
Description: main file of WinPC Antivirus (rogue antispyware)
How to remove: use the instruction How to remove WinPC Antivirus (Uninstall instructions)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: lsascs
Filename: lsascs.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | System Protector
Command: %UserProfile%\Application Data\lsascs.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [System Protector] %UserProfile%\Application Data\lsascs.exe
Description: component of System Protector
How to remove: use the instructions How to remove System Protector (Uninstall instructions)
April 25th, 2009 BHO, O2, Rogue Antispyware/Antivirus, Trojan
This is a harmful program.
Name: winsource
Filename: winsource.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Command: C:\WINDOWS\system32\winsource.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: &Research – {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} – C:\WINDOWS\system32\winsource.dll
Description: trojan.bho, installed with Total Security
How to remove: use the instruction How to remove Total Security (Uninstall instructions)
