March 1st, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: cfrog
Filename: cfrog.exe
Command: c:\windows\system32\cfrog.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [c:\windows\system32\cfrog.exe] c:\windows\system32\cfrog.exe
Description: component of WiniGuard
How to remove: Use HijackThis
March 1st, 2009 O4, Run, Trojan
This is a harmful program.
Name: promo
Filename: promo.exe
Command: c:\windows\system32\promo.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [promo.exe] c:\windows\system32\promo.exe
Description: trojan (found with WiniGuard)
How to remove: How to remove WiniGuard (Delete instructions) or Use HijackThis.
February 28th, 2009 Malware, O4, Run
This is a harmful program.
Name: xivop
Filename: xivop.exe
Command: C:\WINDOWS\xivop.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [xivop] C:\WINDOWS\xivop.exe
Description: component of unknown malware
How to remove: Use HijackThis
February 28th, 2009 Malware, O4, Run
This is a harmful program.
Name: qwbqgkxr
Filename: qwbqgkxr.exe
Command: C:\WINDOWS\qwbqgkxr.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [MaG78PfJs] C:\WINDOWS\qwbqgkxr.exe
Description: component of unknown malware
How to remove: Use HijackThis
February 28th, 2009 BHO, Malware, O2
This is a harmful program.
CLSID: {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: (no name) – {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} – (no file)
Combofix/RSIT Line:
Description: part of SPYW_IMISERV.C
How to remove: Use HijackThis
February 28th, 2009 Driver, Trojan
This is a harmful program.
Name: uacinit
Filename: uacinit.dll
Command: %windir%\System32\uacinit.dll
Startup Type: Driver
Description: component of UACd.sys trojan (windowsclick.com hijacker)
How to remove: How to remove windowsclick.com redirect [UACd.sys trojan]
February 28th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: m9ma
Filename: m9ma.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}
CLSID: {f2e1c83a-e730-11dd-80d2-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e1c83a-e730-11dd-80d2-001731eea33c}]
shell\AutoRun\command – m9ma.exe
shell\explore\command – m9ma.exe
shell\open\command – m9ma.exe
Description: Trojan/Win32.Inject.ldi (W32/Backdoor2)
How to remove: How to remove trojans that uses autorun.inf file
February 28th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: nfdmg
Filename: nfdmg.com
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}
CLSID: {a0b9b731-e792-11dd-80d3-001731eea33c}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b9b731-e792-11dd-80d3-001731eea33c}]
shell\AutoRun\command – nfdmg.com
shell\explore\command – nfdmg.com
shell\open\command – nfdmg.com
Description: Trojan.Win32.VB (virus)
How to remove: How to remove nfdmg.com – trojan that uses autorun.inf file
February 28th, 2009 AppInit DLLs, O20, Trojan
This is a harmful program.
Name: wcpfvd
Filename: wcpfvd.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 – AppInit_DLLs: wcpfvd.dll
Description: component of a trojan
How to remove: Use HijackThis
February 28th, 2009 LSP, O10, Trojan
This is a harmful program.
Name: ntdll64
Filename: ntdll64.dll
Command: c:\windows\temp\ntdll64.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:
O10 – Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
Description: Trojan
How to remove: How to use LSP Fix to repair Winsock 2 settings