HT Logs. Tips, FAQs, Analyze.

QZAIB7KITK is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: {random}
Filename: {random}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | QZAIB7KITK

Command: %Temp%\{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [QZAIB7KITK] C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

DDS Line:

uRun: [QZAIB7KITK] C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“QZAIB7KITK”=C:\DOCUME~1\user\LOCALS~1\Temp\Qfn.exe

Description: a trojan that also known as Mal/FakeAV-CX [Sophos], TrojanDownloader:Win32/Renos.KF [Microsoft], Trojan-Downloader.Win32.Renos [Ikarus], Win-Trojan/Fakeav.164352.AL [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

antivrsystem.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to antivrsystem.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.155
Site addess: antivrsystem.com
Description: antivrsystem.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

Antivirusexpertsoft.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to Antivirusexpertsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.8
Site addess: Antivirusexpertsoft.com
Description: Antivirusexpertsoft.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

sysmon64x.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sysmon64x
Filename: sysmon64x.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sysmon64x.exe

Command: %Temp%\sysmon64x.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

DDS Line:

uRun: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sysmon64x.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

antispyware-system.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to antispyware-system.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.155
Site addess: antispyware-system.com
Description: antispyware-system.com is not related with legitimate company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

Antiviralpha.net is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to Antiviralpha.net, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.33.115.92
Site addess: Antiviralpha.net
Description: Antiviralpha.net is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

monxga32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: monxga32
Filename: monxga32.exe
Command: %UserProfile%\start menu\programs\startup\monxga32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: monxga32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\monxga32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
monxga32.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

forcedos64.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: forcedos64
Filename: forcedos64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | forcedos64.exe

Command: %Temp%\forcedos64.exe
Startup Type: HKCU_>Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [forcedos64.exe] C:\DOCUME~1\Gemma\LOCALS~1\Temp\forcedos64.exe

DDS Line:

uRun: [forcedos64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“forcedos64.exe”=C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

avexpertsoft.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to avexpertsoft.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.8
Site addess: avexpertsoft.com
Description: avexpertsoft.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called THREATNAME.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

DefenderSoftPremium.net is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to DefenderSoftPremium.net, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.33.115.92
Site addess: DefenderSoftPremium.net
Description: DefenderSoftPremium.net is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.