HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mstdl
Filename: mstdl.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wsc

Command: C:\Program Files\msca\mstdl.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [wsc] C:\Program Files\msca\mstdl.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“wsc”=C:\Program Files\msca\mstdl.exe

Description: component of MaCatte Antivirus 2009. MaCatte Antivirus 2009 is a rogue antispyware program.

How to remove: use these MaCatte Antivirus 2009 removal instructions.

spyware-list.com is a malicious website

The site was created to spread Alpha Antivirus. If your browser is redirected to spyware-list.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 94.102.58.252
Site addess: spyware-list.com
Description: The site used to promote the rogue antispyware program called Alpha Antivirus.

How to remove: use these Alpha Antivirus removal instructions in order to remove this infection.

spyware-url.com is a malicious website

The site was created to spread Alpha Antivirus. If your browser is redirected to spyware-url.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 95.143.207.4
Site addess: spyware-url.com
Description: The site used to promote the rogue antispyware program called Alpha Antivirus.

How to remove: use these Alpha Antivirus removal instructions in order to remove this infection.

malware-url.com is a malicious website

The site was created to spread Alpha Antivirus. If your browser is redirected to malware-url.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 95.143.207.4
Site addess: malware-url.com
Description: The site used to promote the rogue antispyware program called Alpha Antivirus.

How to remove: use these Alpha Antivirus removal instructions in order to remove this infection.

BlockProtector.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockProtector
Filename: BlockProtector.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BlockProtector.exe

Command: C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [BlockProtector.exe] C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“BlockProtector.exe”=C:\Program Files\BlockProtector Software\BlockProtector\BlockProtector.exe [2009-11-05 772608]

Description: core component of BlockProtector. BlockProtector is a rogue antispyware program.

How to remove: use these BlockProtector removal instructions.

logon.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: logon
Filename: logon.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe logon.exe

Description: trojan that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sysnet
Filename: sysnet.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet

Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SysNet – {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} – C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

Description: trojan agent that installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes` Anti-malware

csrss1.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: csrss1
Filename: csrss1.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss

Command: c:\windows\system32\csrss1.dll
Startup Type: Winlogon Notify
HijackThis Category: O20
HijackThis Line:

O20 – Winlogon Notify: Csrss – c:\windows\system32\csrss1.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Csrss]
2009-10-20 17:31 139264 —-a-w- c:\windows\system32\csrss1.dll

Description: unknown trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

ossecure2009.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to ossecure2009.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 91.212.127.226
Site addess: ossecure2009.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 – Hosts: 91.212.127.226 ossecure2009.microsoft.com

Description: ossecure2009.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.

browser-security.microsoft.com is a malicious website

The site was created to spread Antivirus System Pro. If your browser is redirected to browser-security.microsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 195.245.119.131
Site addess: browser-security.microsoft.com
HijackThis Category: O1
HijackThis Line:

O1 – Hosts: 195.245.119.131 browser-security.microsoft.com

Description: browser-security.microsoft.com is not related with Microsoft company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus System Pro.

How to remove: use these Antivirus System Pro removal instructions in order to remove this infection.