March 30th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: uxdeiect
Filename: uxdeiect.com
CLSID: {8e508249-a76f-11dd-8359-001e4cf19625}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e508249-a76f-11dd-8359-001e4cf19625}]
shell\AutoRun\command - uxdeiect.com
shell\explore\command - uxdeiect.com
shell\open\command - uxdeiect.com
Description: malware (autorun.inf trojan)
How to remove: use the instructions How to remove trojans that uses autorun.inf file + manually remove the file.
March 30th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: printer
Filename: printer.exe
CLSID: {86d2e059-9871-11dd-94d9-001e4cf19625}
Startup Type: autorun.inf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d2e059-9871-11dd-94d9-001e4cf19625}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\printer.exe
Description: malware (autorun.inf trojan)
How to remove: use the instructions How to remove trojans that uses autorun.inf file + manually remove the file.
March 30th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: semo2x
Filename: semo2x.exe
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638d42eb-be6f-11dd-a9f6-001e4cf19625}]
shell\AutoRun\command - semo2x.exe
shell\explore\command - semo2x.exe
shell\open\command - semo2x.exe
Description: malware (autorun.inf trojan)
How to remove: use the instructions How to remove trojans that uses autorun.inf file + manually remove the file
March 26th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: VAlarm
Filename: VAlarm.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Alarm
Command: C:\Documents and Settings\All Users\Application Data\a023\VAlarm.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Virus Alarm] "C:\Documents and Settings\All Users\Application Data\a023\VAlarm.exe" /s
Description: main file of Virus Alarm (rogue antispyware program)
How to remove: Use HijackThis or use the instructions How to remove Virus Alert (Uninstall instructions)
March 26th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: spbho
Filename: spbho.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
Command: C:\Program Files\Privacy center\tools\sp\spbho.dll
CLSID: {D032570A-5F63-4812-A094-87D007C23012}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\Program Files\Privacy center\tools\sp\spbho.dll
Description: Internet Explorer BHO module, component of Privacy center
How to remove: Use HijackThis or use Malwarebytes Antimalware
March 26th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: agent
Filename: agent.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | agent.exe
Command: C:\Program Files\Privacy center\agent.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [agent.exe] C:\Program Files\Privacy center\agent.exe
Description: component of Privacy center
How to remove: Use HijackThis or use Malwarebytes Antimalware
March 18th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: pcdefender
Filename: pcdefender.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sysav
Command: %UserProfile%\Application Data\pcdefender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [sysav] %UserProfile%\Application Data\pcdefender.exe
Description: main component of WinPC Defender
How to remove: use the instructions How to remove WinPC Defender
March 18th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: ieocx
Filename: ieocx.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eedc4410-6b4d-4d68-a6bd-c386f0335c1b}
Command: C:\WINDOWS\ieocx.dll
CLSID:
{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
{eedc4410-6b4d-4d68-a6bd-c386f0335c1b}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: IEocx Class - {96ad72e4-2e2b-4ffc-a5bb-279c2714af12} - C:\WINDOWS\ieocx.dll
O2 - BHO: WinHTTP Class - {eedc4410-6b4d-4d68-a6bd-c386f0335c1b} - C:\WINDOWS\ieocx.dll
Description: Internet Explorer BHO module, component of WinPC Defender
How to remove: use the instructions How to remove WinPC Defender
March 18th, 2009 O23, Rogue Antispyware/Antivirus, Service
This is a harmful program.
Name: services
Filename: services.exe
Command: %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Description: trojan, component of Personal Antivirus
How to remove: use the instructions How to remove Personal Antivirus (Uninstall instructions)
March 18th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: iv
Filename: iv.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | iv
Command: C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
Description: trojan, component of Personal Antivirus
How to remove: use the instructions How to remove Personal Antivirus (Uninstall instructions)