N1i.exe is a malware, main file of Anti-virus number 1

Comments
March 30th, 2009 O4, Rogue Antispyware/Antivirus, Run

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: N1i
Filename: N1i.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Drive

Command: C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe

Description: main file of Anti-virus number 1 (rogue antispyware program)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

svchost.exe is a trojan fake.alert

Comments
March 30th, 2009 O4, Run, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchost
Filename: svchost.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SVCHOST.EXE

Command: C:\WINDOWS\System32\drivers\svchost.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe

Description: trojan fake.alert

How to remove: Use HijackThis + Use Malwarebytes Antimalware

vitamine.dll is a trojan

Comments
March 30th, 2009 AppInit DLLs, O20, O21, O22, O4, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:

O4 – HKLM\..\Run: [CPMfbaed640] Rundll32.exe “c:\windows\system32\vitamine.dll”,a
O20 – AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll

Description: trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

higudivo.dll is a trojan Vundo

Comments
March 30th, 2009 O4, Run, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: higudivo
Filename: higudivo.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wawusavasi

Command: C:\WINDOWS\System32\higudivo.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s
O4 – HKUS\S-1-5-19\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s (User ‘NETWORK SERVICE’)

Description: component of trojan Vundo

How to remove: Use HijackThis + Use Malwarebytes Antimalware

zenonabi.dll is a trojan Vundo

Comments
March 30th, 2009 O4, Run, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: zenonabi
Filename: zenonabi.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | f89de5dc

Command: C:\WINDOWS\System32\zenonabi.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [f89de5dc] rundll32.exe “C:\WINDOWS\System32\zenonabi.dll”,b

Description: trojan Vundo component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

gumapoke.dll is a trojan Vundo component

Comments
March 30th, 2009 BHO, O2, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gumapoke
Filename: gumapoke.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18865f87-42b0-47d6-8fc4-5301aa0f0f80}

Command: C:\WINDOWS\System32\gumapoke.dll
CLSID: {18865f87-42b0-47d6-8fc4-5301aa0f0f80}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {18865f87-42b0-47d6-8fc4-5301aa0f0f80} – C:\WINDOWS\System32\gumapoke.dll

Description: BHO module, trojan Vundo component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

svchost.exe is a trojan

Comments
March 30th, 2009 O23, Service, Trojan

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchost
Filename: svchost.exe
Command: C:\Program Files\Outlook Express\svchost.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: Window Net Dns (MyDNS) – Unknown owner – C:\Program Files\Outlook Express\svchost.exe

Description: unknown trojan component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

DisableRegedit=1, result of trojan activity

3 Comments
March 30th, 2009 O7, Trojan

This is a signature of trojan activity.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name of trojan activity: DisableRegedit
HijackThis Category: O7
HijackThis Line:

O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Description: Disabled Regedit tools is a signature of trojan activity

How to remove: Use HijackThis or Use Malwarebytes Antimalware

XP-4A87B914.EXE is a trojan

Comments
March 30th, 2009 O4, Startup folder, Trojan

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: XP-4A87B914
Filename: XP-4A87B914.EXE
Command: C:\WINDOWS\system32\XP-4A87B914.EXE
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-4A87B914.EXE

Description: unknown trojan

How to remove: Use HijackThis

regsvr.exe is a trojan

Comments
March 30th, 2009 F2, system.ini, Trojan

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: regsvr
Filename: regsvr.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe regsvr.exe

Description: regsvr.exe is a trojan

How to remove: Use HijackThis + Use Malwarebytes Antimalware

« Previous Entries
Next Entries »