April 25th, 2009 
O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: tsc
Filename: tsc.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | random_name
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TS
Command:
C:\Program Files\TSC\tsc.exe
C:\Program Files\TS\tsc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [12840894984709702141078366734454] C:\Program Files\TSC\tsc.exe
O4 – HKCU\..\Run: [TS] C:\Program Files\TS\tsc.exe
Description: main file of Total Security (rogue antispyware program)
How to remove: use the instructions How to remove Total Security (Uninstall instructions)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: pas
Filename: pas.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | P Antispyware 09
Command: C:\Program Files\P Antispyware 09\pas.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [P Antispyware 09] C:\Program Files\P Antispyware 09\pas.exe /autorun
Description: main file of PAntispyware09 (rogue antispyware program)
How to remove: use the instructions How to remove PAntispyware09 or P Antispyware 09 (Uninstall instructions)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: sysshield
Filename: sysshield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: c:\windows\system32\sysshield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Windows applications server] c:\windows\system32\sysshield.exe
Description: trojan, component of Antivirus09 (rogue antispyware software)
How to remove: use the instruction How to remove Antivirus’09 (Uninstall instructions)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: ExtraAV
Filename: ExtraAV.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Extra Antivirus
Startup Type: HKCU->Run
HijackThis Category: O4
Description: main file of Extra Antivirus (rogue antispyware program)
How to remove: use the instructions How to uninstall Extra Antivirus (Removal instructions)
April 25th, 2009 Driver, Rootkit
This is a harmful program.
Name: gxvxcserv
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\Controlset003\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys
Command: command
Startup Type: Hidden driver
Description: troajn w32.Tidserv. The trojan uses rootkit techniques designed to hide the software presence in the system.
How to remove: use the instructions How to remove gxvxcserv.sys trojan (Google redirect virus)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: aap
Filename: aap.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus Agent Pro
Command: C:\Program Files\Antivirus Agent Pro\aap.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Antivirus Agent Pro] C:\Program Files\Antivirus Agent Pro\aap.exe
Description: main file of Antivirus Agent Pro – rogue antispyware program
How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)
April 25th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: guard
Filename: guard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | guard
Command: C:\WINDOWS\guard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [guard] C:\WINDOWS\guard.exe
Description: component of Antivirus Agent Pro (rogue qntispyware program)
How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)
April 21st, 2009 O4, Rogue Antispyware/Antivirus, Run, Trojan
This is a harmful program.
Name: se
Filename: se.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | se
Command: C:\WINDOWS\system\se.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [se] C:\WINDOWS\system\se.exe
Description: se.exe is a trojan that installed with Antivirus Plus
How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)
April 21st, 2009 O4, Rogue Antispyware/Antivirus, Run, Trojan
This is a harmful program.
Name: rundll32
Filename: rundll32.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | shell
Command: C:\WINDOWS\system\rundll32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [shell] C:\WINDOWS\system\rundll32.exe 1
Description: trojan that installed with Antivirus Plus (rogue antispyware)
How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)
April 21st, 2009 BHO, O2, Rogue Antispyware/Antivirus, Trojan
This is a harmful program.
Name: InternetExplorer
Filename: InternetExplorer.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
Command: C:\WINDOWS\system32\InternetExplorer.dll
CLSID: {D032570A-5F63-4812-A094-87D007C23012}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: (no name) – {D032570A-5F63-4812-A094-87D007C23012} – C:\WINDOWS\system32\InternetExplorer.dll
Description: trojan bho that installed with Antivirus Plus (rogue antispyware program)
How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)
