Archive for April, 2009
Tuesday, April 28th, 2009
This is a harmful program.
Name: tazeyubo
Filename: tazeyubo.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
Command: C:\WINDOWS\system32\tazeyubo.dll
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: C:\WINDOWS\system32\tazeyubo.dll
Description: trojan Vundo component
How to remove: use the instructions How to remove Trojan Vundo
Posted in AppInit DLLs, O20, Trojan
Tuesday, April 28th, 2009
This is a harmful program.
Name: gadcom
Filename: gadcom.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | gadcom
Command: C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe"
Description: trojan, installed with rogue antispyware programs and other malware
How to remove: use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Tuesday, April 28th, 2009
This is a harmful program.
Name: AntivirusXP
Filename: AntivirusXP.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntivirusXP.exe
Command: C:\Program Files\AntivirusXP\AntivirusXP.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe
Description: main file of Antivirus XP Pro (rogue antispyware program)
How to remove: use the instructions How to remove Antivirus XP Pro (Delete instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, April 27th, 2009
This is a harmful program.
Name: svchost
Filename: svchost.exe
Command: C:\WINDOWS\svchost.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: AntipyWarex32_ (AntipWinsx32_) - Unknown owner - C:\WINDOWS\svchost.exe
Description: malware, component of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
Posted in O23, Rogue Antispyware/Antivirus, Service
Monday, April 27th, 2009
This is a harmful program.
Name: WinAntivirus
Filename: WinAntivirus.exe
Command: C:\Program Files\Win-Antivirus\WinAntivirus.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:
O4 - Startup: ASC-AntiSpyware.lnk = C:\Program Files\Win-Antivirus\WinAntivirus.exe
Description: main file of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
Posted in O4, Rogue Antispyware/Antivirus, Startup folder
Monday, April 27th, 2009
This is a harmful program.
Name: dddesot
Filename: dddesot.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}
Command: C:\WINDOWS\system32\dddesot.dll
CLSID: {F54AF7DE-6038-4026-8433-CC30E3F17212}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll
Description: trojan.bho, component of Win Antivirus and ASC AntiSpyware (rogue antivirus programs)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
Posted in BHO, O2, Rogue Antispyware/Antivirus
Monday, April 27th, 2009
This is a harmful program.
Name: IEPlugin163
Filename: IEPlugin163.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Command: C:\Program Files\Win-Antivirus\modules\IEPlugin163.dll
CLSID: {2F3D01F3-2A8E-4814-AA0F-8315172D22BF}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: AntiSyware (IE PlugIn) - {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} - C:\Program Files\Win-Antivirus\modules\IEPlugin163.dll
Description: trojan.bho, component of Win Antivirus (rogue antispyware program)
How to remove: use the instructions How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
Posted in BHO, O2, Rogue Antispyware/Antivirus
Monday, April 27th, 2009
This is a harmful program.
Name: Malware Doctor
Filename: Malware Doctor.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Alcmtr
Command: C:\Program Files\Malware Doctor\Malware Doctor.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Alcmtr] C:\Program Files\Malware Doctor\Malware Doctor.exe
Description: main file of Malware Doctor (rogue antispyware program)
How to remove: use the instructions How to remove MalwareDoc or Malware Doctor (Delete instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Sunday, April 26th, 2009
This is a harmful program.
Name: UACd
Filename: UACd.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_UACd.sys
Startup Type: hidden driver
Description: trojan that uses rootkit-specific techniques to hide itself.
How to remove: use the instructions How to remove windowsclick.com redirect [UACd.sys trojan]
Posted in Driver, Rootkit, Trojan
Sunday, April 26th, 2009
This is a harmful program.
Name: gaopdxserv
Filename: gaopdxserv.sys
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gaopdxserv.sys
Startup Type: hidden driver
Description: variant of the TDSSserv trojan (uses rootkit-specific techniques designed to hide the software's presence in the system)
How to remove: use the instructions How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]
Posted in Driver, Rootkit, Trojan