Archive for March, 2010

What is Syspck32.exe, How to remove Syspck32.exe

Tuesday, March 23rd, 2010

Syspck32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Syspck32
Filename: Syspck32.exe
Command: %UserProfile%\start menu\programs\startup\Syspck32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: syspck32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\syspck32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
syspck32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is info-defender.com, How to remove info-defender.com

Tuesday, March 23rd, 2010

info-defender.com is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to info-defender.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site address: info-defender.com
Description: info-defender.com is not related to Microsoft and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

What is virus-cleaner.net, How to remove virus-cleaner.net

Tuesday, March 23rd, 2010

virus-cleaner.net is a malicious website

The site was created to spread Antivirus Soft. If your browser is redirected to virus-cleaner.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site address: virus-cleaner.net
Description: virus-cleaner.net is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

What is diskperfxp.exe, How to remove diskperfxp.exe

Sunday, March 21st, 2010

diskperfxp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: diskperfxp
Filename: diskperfxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | diskperfxp.exe

Command: %UserProfile%\LOCALS~1\Temp\diskperfxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

DDS Line:

uRun: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"diskperfxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Description: trojan FakeAlert that displays a lot of fake security alerts and downloads and installs User Protection onto your computer. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

What is zipdkg32.exe, How to remove zipdkg32.exe

Sunday, March 21st, 2010

zipdkg32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: zipdkg32
Filename: zipdkg32.exe
Command: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: zipdkg32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
zipdkg32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is WEK9EMDHI9, How to remove WEK9EMDHI9

Saturday, March 20th, 2010

WEK9EMDHI9 is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WEK9EMDHI9
Filename: [random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WEK9EMDHI9

Command: C:\WINDOWS\Bhihuc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

DDS Line:

uRun: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WEK9EMDHI9"=C:\WINDOWS\Bhihuc.exe [2010-03-15 40448]

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is usrprot.exe, How to remove usrprot.exe

Friday, March 19th, 2010

usrprot.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: usrprot
Filename: usrprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | User Protection

Command: C:\Program Files\User Protection\usrprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [User Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan

DDS Line:

uRun: [User Protection] C:\Program Files\User Protection\usrprot.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"User Protection"=C:\Program Files\User Protection\usrprot.exe

Description: core component of User Protection. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

What is msnfo32.exe, How to remove msnfo32.exe

Wednesday, March 17th, 2010

msnfo32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msnfo32
Filename: msnfo32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | msnfo32

Command: %WinDir%\system32\msnfo32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

DDS Line:

mRun: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"msnfo32"=C:\WINDOWS\system32\msnfo32.exe

Description: trojan also known as trojan agent

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is bill104.exe, How to remove bill104.exe

Wednesday, March 17th, 2010

bill104.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill104
Filename: bill104.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: %Windir%\bill104.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\bill104.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill104.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\bill104.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

What is eventtriggersxp.exe, How to remove eventtriggersxp.exe

Wednesday, March 17th, 2010

eventtriggersxp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eventtriggersxp
Filename: eventtriggersxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | eventtriggersxp.exe

Command: %Temp%\eventtriggersxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

DDS Line:

uRun: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eventtriggersxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

Description: trojan FakeAlert that, once started, displays a lot of fake security alerts and suggests downloading and installing Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions in order to remove Dr. Guard and the eventtriggersxp.exe trojan FakeAlert.