February 14th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: RavMon
Filename: RavMon.exe
CLSID: {6aa9cf46-be16-11dc-bbe3-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa9cf46-be16-11dc-bbe3-00c09fcd8ea0}]
shell\AutoRun\command - RavMon.exe
Description: component of autorun.inf trojan
How to remove: How to remove trojans that uses autorun.inf file
February 14th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: xn1i9x
Filename: xn1i9x.com
Command: E:\xn1i9x.com
CLSID: {553a93c0-a1bf-11dc-bb98-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{553a93c0-a1bf-11dc-bb98-00c09fcd8ea0}]
shell\AutoRun\command - E:\xn1i9x.com
shell\explore\command - E:\xn1i9x.com
shell\open\command - E:\xn1i9x.com
Description: component of autorun.inf trojan
How to remove: How to remove trojans that uses autorun.inf file
February 14th, 2009 autorun.inf, Trojan
This is a harmful program.
Name: adp
Filename: adp.exe
Command: E:\adp.exe
CLSID: {0ba21128-2e71-11dc-b73f-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba21128-2e71-11dc-b73f-00c09fcd8ea0}]
shell\Auto\command - E:\adp.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
Description: component of autorun.inf trojan
How to remove: How to remove trojans that uses autorun.inf file
February 14th, 2009 adware, O4, Policies\Explorer\Run
This is a harmful program.
Name: wcs
Filename: wcs.exe
Command: %programfiles%\Applications\wcs.exe
Startup Type: HKLM->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
Description: variant of the Adware/Netproject malware
How to remove: Use HijackThis.
February 14th, 2009 O4, Run, Trojan
This is a harmful program.
Name: algg
Filename: algg.exe
Registry key: key
Command: %windir%\system32\algg.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
Description: trojan downloader
How to remove: Use HijackThis.
February 14th, 2009 O4, Rogue Antispyware/Antivirus, Run
This is a harmful program.
Name: VirusRL2009
Filename: VirusRL2009.exe
Command: %programfiles%\VirusRL2009\VirusRL2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
Description: Virus Response Lab 2009 rogue antivirus component
How to remove: How to remove VirusResponseLab
February 14th, 2009 O4, RunServices
This is a harmful program.
Name: lockx
Filename: lockx.exe
Command: %windir%\system32\lockx.exe
Startup Type: HKLM->RunServices, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
Description: W32/Sdbot-ADD worm
How to remove: Use HijackThis
February 14th, 2009 BHO, O2
This is a harmful program.
Name: bfgtoolbar
Filename: bfgtoolbar.dll
Command: [%PROGRAM_FILES%]\bfgtoolbar\bfgtoolbar.dll
CLSID: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
Description: Adware OneToolBar
Notes: Big Fish Games Toolbar
How to remove: Use HijackThis.
February 8th, 2009 Trojan
This is a harmful program.
Name: TDSStkdv
Filename: TDSStkdv.log
Command: c:\windows\system32\TDSStkdv.log
Description: Trojan TDSSserv component
How to remove: How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys
February 8th, 2009 Trojan
This is a harmful program.
Name: TDSSosvn
Filename: TDSSosvn.dat
Command: c:\windows\system32\TDSSosvn.dat
Description: Trojan TDSSserv component
How to remove: How to remove trojan TDSSserv (TDSSserv.sys), clbdriver.sys and seneka.sys