Archive for January, 2009

MS32DLL.dll.vbs

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MS32DLL.dll
Filename: MS32DLL.dll.vbs
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{665e2d89-b71e-11dc-b303-a1d3c996a05f}

Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
CLSID: 665e2d89-b71e-11dc-b303-a1d3c996a05f
Startup Type: autorun.inf
Description: autorun.inf trojan, VBS.Zodgila [Symantec]

How to remove: How to remove trojans that uses autorun.inf file

tel.xls.exe

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: tel.xls
Filename: tel.xls.exe
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4d33b2-3b87-11dc-a66c-db09a7dc4b52}

Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
CLSID: 4f4d33b2-3b87-11dc-a66c-db09a7dc4b52
Startup Type: autorun.inf
Description: autorun.inf trojan component
Threat Alias:

Backdoor.VB.ESE [PC Tools]
W32/USBAgent [McAfee]
W32.SillyFDC [Symantec]
WORM_VB.ERF [Trend Micro]
Trojan.Win32.VB.atg [Kaspersky Lab]

How to remove: How to remove trojans that uses autorun.inf file

d.com

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: d
Filename: d.com
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219a1d-d86f-11dc-b316-a69dd264945f}

Command: F:\d.com
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

QW2010i.exe

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: QW2010i
Filename: QW2010i.exe
HijackThis line:

O4 – HKLM\..\Run: [Monitor calibrator] %CommonAppData%\QW2010\QW2010i.exe

Command: %CommonAppData%\QW2010\QW2010i.exe
Startup Type: HKLM->run
HijackThis Category: O4
Description: trojan fakealert, Antivirus 2010 component

How to remove: Use Malwarebytes Anti-malware

winsystems.dll is a trojan FakeAlert, component of Antivirus 360

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winsystems
Filename: winsystems.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}

Command: C:\WINDOWS\system32\winsystems.dll
CLSID: 0B014B81-4E12-46F9-806F-55867AF8FD3C
Startup Type: BHO
HijackThis Category: O2
Description: trojan FakeAlert, component of Antivirus 360

How to remove: Manually remove the file + use the instructions How to remove Antivirus 360

What is msansspc.dll, How to remove msansspc.dll

Saturday, January 31st, 2009

msansspc.dll is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msansspc
Filename: msansspc.dll
Registry key:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders | “SecurityProviders”=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

Command: C:\WINDOWS\system32\msansspc.dll
Startup Type: SecurityProviders
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

Description: trojan

How to remove: use Malwarebytes Anti-malware.

vdac.cmd

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vdac
Filename: vdac.cmd
Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{781ab33f-85fd-11dd-98e0-0015afe71045}
Command: J:\vdac.cmd
Startup Type: autorun.inf
Description: autorun.inf trojan component

How to remove: How to remove trojans that uses autorun.inf file

nqecmus.exe

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nqecmus
Filename: nqecmus.exe
Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f0e414-95d0-11dd-992b-001f3ad30b24}
Startup Type: autorun.inf
Description: autorun.inf trojan component
Threat Alias:

Generic.dx [McAfee]
Packed/NSPack [PC Tools]
WORM_NSPACK.AG [Trend Micro]

How to remove: How to remove trojans that uses autorun.inf file

y82td3td.com

Saturday, January 31st, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: y82td3td
Filename: y82td3td.com
Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{156348aa-6f7d-11dd-a36f-ffb4bd6902f1}
Command: G:\y82td3td.com
Startup Type: autorun.inf
Description: autorun.inf trojan component
Threat Aliases:

Trojan.Lineage.Gen!Pac.3 [PC Tools]
Mal/EncPk-CE [Sophos]
PWS-Gamania.gen.a [McAfee]
PWS-LegMir.gen.k [McAfee]
PWS:Win32/Frethog.gen!L [Microsoft]
Trojan.Packed.NsAnti [Symantec]
Worm.Win32.AutoRun.cva [Kaspersky Lab]
Mal_NSAnti-1 [Trend Micro]
Packed.Win32.PolyCrypt.h [Kaspersky Lab]
PE_SALITY.M [Trend Micro]
TSPY_ONLINEG.CTR [Trend Micro]
W32.Gammima.AG [Symantec]
W32/Sality.ae [McAfee]
Win32.Sality.AK [PC Tools]
Worm:Win32/Taterf.gen!C [Microsoft]

How to remove: How to remove trojans that uses autorun.inf file

systemguard.exe is a main file of System Guard 2009

Monday, January 26th, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: systemguard
Filename: systemguard.exe
Command: C:\Program Files\System Guard 2009\systemguard.exe
Startup Type: registry run key
HijackThis Category: O4
Description: main file of System Guard 2009

How to remove: How to remove System Guard 2009 (Delete instructions)