Archive for June, 2009
Friday, June 26th, 2009
This is a harmful program.
Name: SysShield
Filename: SysShield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: C:\WINDOWS\system32\SysShield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows applications server] C:\WINDOWS\system32\SysShield.exe
Description: component of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, June 26th, 2009
This is a harmful program.
Name: AVP
Filename: AVP.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Protection
Command: C:\Program Files\AntiVirus Protection\AVP.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [AntiVirus Protection] C:\Program Files\AntiVirus Protection\AVP.exe
Description: main file of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, June 22nd, 2009
This is a harmful program.
Name: MD[random]
Filename: MD[random].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Destructor 2009
Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Malware Destructor 2009] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe" /s /d
Description: main file of Malware Destructor 2009 (rogue antispyware program). Uses random file names to hide itself.
How to remove: use these Malware Destructor 2009 removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Thursday, June 18th, 2009
This is a harmful program.
Name: ld08
Filename: ld08.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray
Command: c:\windows\ld08.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld08.exe
Description: Koobface is a worm that spreads through Myspace and Facebook. Also known as Net-Worm.Win32.Koobface.hn, W32/Koobfa-Gen.
How to remove: use these koobface removal instructions
Posted in O4, Run, Worm
Thursday, June 18th, 2009
This is a harmful program.
Name: virusremover
Filename: virusremover.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Remover Profesional
Command: %ProgramFiles%\Virus Remover Professional\virusremover.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Virus Remover Profesional] C:\Program Files\Virus Remover Professional\virusremover.exe
Description: main file of Virus Remover Profesional (rogue antivirus/antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Thursday, June 18th, 2009
This is a harmful program.
Name: mediacodec
Filename: mediacodec.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | mediacodec.exe
Command: %UserProfile%\Temp\mediacodec.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [mediacodec.exe] %UserProfile%\Temp\mediacodec.exe
Description: main file of VSCodec Pro (fake codec)
How to remove: use SmitFraudFix
Posted in Fake codec, O4, Run
Monday, June 15th, 2009
This is a harmful program.
Name: psystem
Filename: psystem.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Protection System
Command: C:\Program Files\Protection System\psystem.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe
Description: main file of Protection System (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, June 15th, 2009
This is a harmful program.
Name: wingenocx
Filename: wingenocx.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Command: C:\WINDOWS\system32\wingenocx.dll
CLSID: {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: BhoApp - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\system32\wingenocx.dll
Description: trojan BHO that is installed with Protection System (rogue antispyware software)
How to remove: use Malwarebytes Antimalware
Posted in BHO, O2, Rogue Antispyware/Antivirus, Trojan
Monday, June 15th, 2009
This is a harmful program.
Name: pp10
Filename: pp10.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp
Command: c:\windows\pp10.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [pp] c:\windows\pp10.exe
Description: component of the Koobface worm (spreads through social networking sites)
How to remove: use these koobface removal instructions
Posted in O4, Run, Worm
Monday, June 15th, 2009
This is a harmful program.
Name: ld09
Filename: ld09.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysldtray
Command: c:\windows\ld09.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld09.exe
Description: Koobface is a worm that spreads through social networking sites (Myspace and Facebook).
How to remove: use these koobface removal instructions
Posted in O4, Run, Worm