Archive for April, 2009
Saturday, April 25th, 2009
This is a harmful program.
Name: winav
Filename: winav.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysav
Command: %UserProfile%\Application Data\winav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [sysav] %UserProfile%\Application Data\winav.exe
Description: main file of WinPC Antivirus (rogue antispyware)
How to remove: use the instruction How to remove WinPC Antivirus (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: lsascs
Filename: lsascs.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | System Protector
Command: %UserProfile%\Application Data\lsascs.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [System Protector] %UserProfile%\Application Data\lsascs.exe
Description: component of System Protector
How to remove: use the instructions How to remove System Protector (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: winsource
Filename: winsource.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Command: C:\WINDOWS\system32\winsource.dll
CLSID: {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: &Research – {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} – C:\WINDOWS\system32\winsource.dll
Description: trojan.bho, installed with Total Security
How to remove: use the instruction How to remove Total Security (Uninstall instructions)
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan | 2 Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: tsc
Filename: tsc.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | random_name
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TS
Command:
C:\Program Files\TSC\tsc.exe
C:\Program Files\TS\tsc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [12840894984709702141078366734454] C:\Program Files\TSC\tsc.exe
O4 – HKCU\..\Run: [TS] C:\Program Files\TS\tsc.exe
Description: main file of Total Security (rogue antispyware program)
How to remove: use the instructions How to remove Total Security (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: pas
Filename: pas.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | P Antispyware 09
Command: C:\Program Files\P Antispyware 09\pas.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [P Antispyware 09] C:\Program Files\P Antispyware 09\pas.exe /autorun
Description: main file of PAntispyware09 (rogue antispyware program)
How to remove: use the instructions How to remove PAntispyware09 or P Antispyware 09 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: sysshield
Filename: sysshield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: c:\windows\system32\sysshield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Windows applications server] c:\windows\system32\sysshield.exe
Description: trojan, component of Antivirus09 (rogue antispyware software)
How to remove: use the instruction How to remove Antivirus’09 (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: ExtraAV
Filename: ExtraAV.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Extra Antivirus
Startup Type: HKCU->Run
HijackThis Category: O4
Description: main file of Extra Antivirus (rogue antispyware program)
How to remove: use the instructions How to uninstall Extra Antivirus (Removal instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: gxvxcserv
Registry key:
HKEY_LOCAL_MACHINE\System\Controlset001\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\Controlset003\Enum\legacy_gxvxcserv.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys
Command: command
Startup Type: Hidden driver
Description: troajn w32.Tidserv. The trojan uses rootkit techniques designed to hide the software presence in the system.
How to remove: use the instructions How to remove gxvxcserv.sys trojan (Google redirect virus)
Posted in Driver, Rootkit | 3 Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: aap
Filename: aap.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus Agent Pro
Command: C:\Program Files\Antivirus Agent Pro\aap.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [Antivirus Agent Pro] C:\Program Files\Antivirus Agent Pro\aap.exe
Description: main file of Antivirus Agent Pro – rogue antispyware program
How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Saturday, April 25th, 2009
This is a harmful program.
Name: guard
Filename: guard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | guard
Command: C:\WINDOWS\guard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [guard] C:\WINDOWS\guard.exe
Description: component of Antivirus Agent Pro (rogue qntispyware program)
How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
