Archive for November, 2009

What is sys64_nov.exe, How to remove sys64_nov.exe

Sunday, November 29th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sys64_nov
Filename: sys64_nov.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov

Command:

%WinDir%\system32\sys64_nov.exe
%UserProfile%\sys64_nov.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 – HKCU\..\Run: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

DDS Line:

mRun: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
uRun: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\WINDOWS\system32\sys64_nov.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\Documents and Settings\user\sys64_nov.exe

Description: trojan agent that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is sshnas.dll, How to remove sshnas.dll

Saturday, November 28th, 2009

sshnas.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas
Filename: sshnas.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SSHNAS

Command: C:\Windows\system32\sshnas.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

DDS Line:

uRun: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SSHNAS”=rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

Description: component of trojan FakeAlert

How to remove: use these sshnas.dll removal instructions.

What is winlogon86.exe, How to remove winlogon86.exe

Saturday, November 28th, 2009

winlogon86.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winlogon86
Filename: winlogon86.exe
Command: C:\WINDOWS\system32\winlogon86.exe
Startup Type: System.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe

Description: trojan that installed with rogue antispyware program.

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is sysguard2010.microsoft.com, How to remove sysguard2010.microsoft.com

Saturday, November 28th, 2009

sysguard2010.microsoft.com is a malicious website

remove The site was created to spread Antivirus System Pro. If your browser is redirected to sysguard2010.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Site addess: sysguard2010.microsoft.com
Description: sysguard2010.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

What is RESpyWare.exe, How to remove RESpyWare.exe

Friday, November 27th, 2009

RESpyWare.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: RESpyWare
Filename: RESpyWare.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | RESpyWare.exe

Command: C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [RESpyWare.exe] C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe

DDS Line:

uRun: [RESpyWare.exe] C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“RESpyWare.exe”=C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe [2009-11-28 1637888]

Description: core component of RESpyWare. RESpyWare is a rogue antispyware program.

How to remove: use these RESpyWare removal instructions.

What is Antivir.exe, How to remove Antivir.exe

Friday, November 27th, 2009

Antivir.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AV”=C:\Program Files\AV\Antivir.exe

Description: core part of Antivir. Antivir is a rogue antispyware program.

How to remove: use these Antivir removal instructions.

What is REAnti.exe, How to remove REAnti.exe

Thursday, November 26th, 2009

REAnti.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: REAnti
Filename: REAnti.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | REAnti.exe

Command: C:\Program Files\REAnti Software\REAnti\REAnti.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

DDS Line:

uRun: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“REAnti.exe”=C:\Program Files\REAnti Software\REAnti\REAnti.exe [2009-11-27 1638400]

Description: core component of REAnti. REAnti is a rogue antispyware program

How to remove: use these REAnti removal instructions.

What is KeepCop.exe, How to remove KeepCop.exe

Tuesday, November 24th, 2009

KeepCop.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: KeepCop
Filename: KeepCop.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | KeepCop

Command: C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe -min

DDS Line:

uRun: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“KeepCop”=C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Description: core component of KeepCop. KeepCop is a rogue antispyware program.

How to remove: use these KeepCop removal instructions.

What is alpha.exe, How to remove alpha.exe

Monday, November 23rd, 2009

alpha.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: alpha
Filename: alpha.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AAntivirus

Command: C:\Program Files\AAntivirus\alpha.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

DDS Line:

uRun: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AAntivirus”=C:\Program Files\AAntivirus\alpha.exe

Description: core component of Alpha Antivirus. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.

What is ExplorerImages.dll, How to remove ExplorerImages.dll

Monday, November 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ExplorerImages
Filename: ExplorerImages.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Command: C:\WINDOWS\system32\ExplorerImages.dll
CLSID: {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

DDS Line:

BHO: &Advanced Explorer Editor – {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} – C:\WINDOWS\system32\ExplorerImages.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Description: component of Alpha Antivirus that hijacks InternetExplorer. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.