February 28th, 2009 O4, Run, Trojan
This is a harmful program.
Name: msiconf
Filename: msiconf.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User ‘Default user’)
Description: Trojan
How to remove: Use HijackThis
February 28th, 2009 Rogue Antispyware/Antivirus
This is a harmful program.
Name: ExtSecurityCenter
Filename: ExtSecurityCenter.exe
Command: %programfiles%\VirusRemover2009\ExtSecurityCenter.exe
Description: component of VirusRemover2009
Notes:
ExtSecurityCenter.exe generates fake alerts and displays an XP Security Center screen that looks like the legitimate Windows Security Center.
How to remove: How to remove VirusRemover2009 (Delete instructions)
February 28th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: VRM2009
Filename: VRM2009.exe
Command: C:\Program Files\VirusRemover2009\VRM2009.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [VirusRemover2009] C:\Program Files\VirusRemover2009\VRM2009.exe
Description: component of VirusRemover2009
How to remove: How to remove VirusRemover2009 (Delete instructions)
February 28th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: IEPlugin163
Filename: IEPlugin163.dll
Command: C:\Program Files\WinCleaner\modules\IEPlugin163.dll
CLSID: {2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Startup Type: BHO
HijackThis Category: O4
HijackThis Line:
O2 – BHO: AntiSyware (IE PlugIn) – {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} – C:\Program Files\WinCleaner\modules\IEPlugin163.dll
Description: component of WinCleaner 2009
How to remove: How to remove WinCleaner 2009 (Delete instructions)
February 28th, 2009 O4, Rogue Antispyware/Antivirus, Startup folder
This is a harmful program.
Name: WinCleaner
Filename: WinCleaner.exe
Command: C:\Program Files\WinCleaner\WinCleaner.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 – Startup: ASC-AntiSpyware.lnk = C:\Program Files\WinCleaner\WinCleaner.exe
Description: component of WinCleaner 2009
How to remove: How to remove WinCleaner 2009 (Delete instructions)
February 27th, 2009 Shell, Worm
This is a harmful program.
Name: SbCtri
Filename: SbCtri.exe
Registry key:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = “Explorer.exe %System%\drivers\SbCtri.exe”
Command: %WinDir%\System32\drivers\SbCtri.exe
Startup Type: Winlogon->Shell
Description: Win32/IRCBot.GF
How to remove: Use Spyware removal forum.
February 21st, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: TotalVirusProtection
Filename: TotalVirusProtection.exe
Command: C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Total Virus Protection] C:\Program Files\TotalVirusProtection\TotalVirusProtection.exe
Description: component of Total Virus Protection rogue antivirus/antispyware
How to remove: How to remove Total Virus Protection (Delete instructions)
February 21st, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: Malware Doctor
Filename: Malware Doctor.exe
Command: C:\Program Files\Malware Doctor\Malware Doctor.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Alcmtr] C:\Program Files\Malware Doctor\Malware Doctor.exe
Description: component of Malware Doctor rogue antispyware
How to remove: How to remove MalwareDoc or Malware Doctor (Delete instructions)
February 19th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: AV1i
Filename: AV1i.exe
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Monitor calibration”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Drives swap”
Command: C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Monitor calibration] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
O4 – HKLM\..\Run: [Drives swap] C:\Documents and Settings\All Users\Application Data\AV1\AV1i.exe
Description: component of Anti-virus-1 and Anti-virus number 1
How to remove: How to remove Anti-virus-1 (Delete instructions)
February 19th, 2009 BHO, O2, Rogue Antispyware/Antivirus
This is a harmful program.
Name: QWProtect
Filename: QWProtect.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D187DFF-423F-41d3-A331-A60DE5886675}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2182220D-AA70-4764-B4E6-1F5BBA322C9C}
Command: C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
CLSID:
{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}
{8D187DFF-423F-41d3-A331-A60DE5886675}
{2182220D-AA70-4764-B4E6-1F5BBA322C9C}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: QWProtectBHO – {70FEAD04-A7FD-4B89-B814-8A8251C90EF7} – C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O2 – BHO: QWProtectBHO – {8D187DFF-423F-41d3-A331-A60DE5886675} – C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
O2 – BHO: QWProtectBHO – {2182220D-AA70-4764-B4E6-1F5BBA322C9C} – C:\Documents and Settings\All Users\Application Data\N1\QWProtect.dll
Description: component of Anti-virus-1 and Anti-virus number 1
How to remove: How to remove Anti-virus-1 (Delete instructions)