HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sys64_nov
Filename: sys64_nov.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov

Command:

%WinDir%\system32\sys64_nov.exe
%UserProfile%\sys64_nov.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 – HKCU\..\Run: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

DDS Line:

mRun: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
uRun: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\WINDOWS\system32\sys64_nov.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\Documents and Settings\user\sys64_nov.exe

Description: trojan agent that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

sshnas.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas
Filename: sshnas.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SSHNAS

Command: C:\Windows\system32\sshnas.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

DDS Line:

uRun: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SSHNAS”=rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

Description: component of trojan FakeAlert

How to remove: use these sshnas.dll removal instructions.

winlogon86.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon86
Filename: winlogon86.exe
Command: C:\WINDOWS\system32\winlogon86.exe
Startup Type: System.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe

Description: trojan that installed with rogue antispyware program.

How to remove: use HijackThis + Malwarebytes` Anti-malware

sysguard2010.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to sysguard2010.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Site addess: sysguard2010.microsoft.com
Description: sysguard2010.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

RESpyWare.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: RESpyWare
Filename: RESpyWare.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | RESpyWare.exe

Command: C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [RESpyWare.exe] C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe

DDS Line:

uRun: [RESpyWare.exe] C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“RESpyWare.exe”=C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe [2009-11-28 1637888]

Description: core component of RESpyWare. RESpyWare is a rogue antispyware program.

How to remove: use these RESpyWare removal instructions.

Antivir.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AV”=C:\Program Files\AV\Antivir.exe

Description: core part of Antivir. Antivir is a rogue antispyware program.

How to remove: use these Antivir removal instructions.

REAnti.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: REAnti
Filename: REAnti.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | REAnti.exe

Command: C:\Program Files\REAnti Software\REAnti\REAnti.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

DDS Line:

uRun: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“REAnti.exe”=C:\Program Files\REAnti Software\REAnti\REAnti.exe [2009-11-27 1638400]

Description: core component of REAnti. REAnti is a rogue antispyware program

How to remove: use these REAnti removal instructions.

KeepCop.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: KeepCop
Filename: KeepCop.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | KeepCop

Command: C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe -min

DDS Line:

uRun: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“KeepCop”=C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Description: core component of KeepCop. KeepCop is a rogue antispyware program.

How to remove: use these KeepCop removal instructions.

alpha.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: alpha
Filename: alpha.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AAntivirus

Command: C:\Program Files\AAntivirus\alpha.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

DDS Line:

uRun: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AAntivirus”=C:\Program Files\AAntivirus\alpha.exe

Description: core component of Alpha Antivirus. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: ExplorerImages
Filename: ExplorerImages.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\ExplorerImages.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

DDS Line:

BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Description: component of Alpha Antivirus that hijacks InternetExplorer. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.