Archive for December, 2009

What is settdebugx.exe, How to remove settdebugx.exe

Wednesday, December 30th, 2009

settdebugx.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: settdebugx
Filename: settdebugx.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | settdebugx.exe

Command: %Temp%\settdebugx.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

DDS Line:

uRun: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"settdebugx.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe

Description: variant of trojan FakeAlert

How to remove: use these settdebugx.exe removal instructions.

What is avpc2009.exe, How to remove avpc2009.exe

Wednesday, December 30th, 2009

avpc2009.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: avpc2009.exe
Filename: avpc2009.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus PC 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus PC 2009

Command: C:\Program Files\Antivirus PC 2009\avpc2009.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Antivirus PC 2009] cmd /C cd "C:\Program Files\Antivirus PC 2009" && start avpc2009.exe
O4 - HKCU\..\Run: [Antivirus PC 2009] cmd /C cd "C:\Program Files\Antivirus PC 2009" && start avpc2009.exe

DDS Line:

mRun: [Antivirus PC 2009] cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe
uRun: [Antivirus PC 2009] cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus PC 2009"=cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus PC 2009"=cmd /C cd C:\Program Files\Antivirus PC 2009 && start avpc2009.exe

Description: core part of Antivirus PC 2009. Antivirus PC 2009 is a rogue antispyware program.

How to remove: use these Antivirus PC 2009 removal instructions.

What is GreatDefender.exe, How to remove GreatDefender.exe

Tuesday, December 29th, 2009

GreatDefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GreatDefender
Filename: GreatDefender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GreatDefender.exe

Command: C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [GreatDefender.exe] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe

DDS Line:

uRun: [GreatDefender.exe] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GreatDefender.exe"=C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe

Description: core component of GreatDefender. GreatDefender is a rogue antispyware program.

How to remove: use these GreatDefender removal instructions.

What is sysclpro.exe, How to remove sysclpro.exe

Tuesday, December 29th, 2009

sysclpro.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysclpro
Filename: sysclpro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SystemCleanerPRO

Command: C:\Program Files\SystemCleanerPRO\sysclpro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SystemCleanerPRO] "C:\Program Files\SystemCleanerPRO\sysclpro.exe" /autorun

DDS Line:

uRun: [SystemCleanerPRO] C:\Program Files\SystemCleanerPRO\sysclpro.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemCleanerPRO"=C:\Program Files\SystemCleanerPRO\sysclpro.exe [2009-04-01 931840]

Description: core component of SystemCleanerPRO. SystemCleanerPRO is a rogue antispyware program.

How to remove: use these SystemCleanerPRO removal instructions.

What is restore.exe, How to remove restore.exe

Tuesday, December 29th, 2009

restore.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: restore
Filename: restore.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Restore

Command: C:\Documents and Settings\All Users\Application Data\F\restore.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe

DDS Line:

uRun: [Restore] C:\Documents and Settings\All Users\Application Data\F\restore.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Restore"=C:\Documents and Settings\All Users\Application Data\F\restore.exe [2009-12-29 22528]

Description: core components of Antispyware Shield Pro. Antispyware Shield Pro is a rogue antispyware program.

How to remove: use these Antispyware Shield Pro removal instructions.

What is wivrs.exe, How to remove wivrs.exe

Sunday, December 27th, 2009

wivrs.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wivrs
Filename: wivrs.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}

Command: c:\windows\system32\wivrs.exe
CLSID: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5} - c:\windows\system32\wivrs.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}]
c:\windows\system32\wivrs.exe

Description: trojan

How to remove: use Windows registry editor (regedit) + Malwarebytes' Anti-Malware

What is Total PC Defender.exe, How to remove Total PC Defender.exe

Sunday, December 27th, 2009

Total PC Defender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Total PC Defender
Filename: Total PC Defender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Total PC Defender

Command: C:\Program Files\Total PC Defender\Total PC Defender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe

DDS Line:

mRun: [Total PC Defender] C:\Program Files\Total PC Defender\Total PC Defender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Total PC Defender"=C:\Program Files\Total PC Defender\Total PC Defender.exe [2009-12-27 1247744]

Description: core component of Total PC Defender. Total PC Defender is a rogue antispyware program.

How to remove: use these Total PC Defender removal instructions.

What is pp14.exe, How to remove pp14.exe

Saturday, December 26th, 2009

pp14.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pp14
Filename: pp14.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pp

Command: C:\Windows\pp14.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [pp] C:\Windows\pp14.exe

DDS Line:

mRun: [pp] C:\Windows\pp14.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pp"=C:\Windows\pp14.exe

Description: component of Koobface worm

How to remove: use these Koobface removal instructions.

What is 193.104.110.38, How to remove 193.104.110.38

Saturday, December 26th, 2009

193.104.110.38 is a malicious DNS server.

If your browser is hijacked, or Google, Yahoo, or MSN search results are redirected to unrelated sites, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.104.110.38
HijackThis Category: O17
HijackThis Line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254

Malwarebytes' Anti-Malware shows infection:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C45AC7D-FB10-4D86-9C82-ABC6221372F6}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38

Description: 193.104.110.38 is used as a DNS server to redirect the browser to unrelated sites

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is APCProtect.exe, How to remove APCProtect.exe

Thursday, December 24th, 2009

APCProtect.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APCProtect
Filename: APCProtect.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | APCProtect.exe

Command: C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

DDS Line:

uRun: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"APCProtect.exe"=C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe [2009-12-25 1798144]

Description: core component of APCProtect. APCProtect is a rogue antispyware program.

How to remove: use these APCProtect removal instructions.