Archive for April, 2010

My Security Engine – MS515.exe – Removal info

Friday, April 23rd, 2010

My Security Engine is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MS{random}
Filename: MS{random}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Engine

Command: C:\Documents and Settings\All Users\Application Data\{random}\MS{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe" /s /d

DDS Line:

uRun: [My Security Engine] C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"My Security Engine"=C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Description: core component of My Security Engine. My Security Engine is a rogue antispyware program.

How to remove: use these My Security Engine removal instructions.

What is Antispyware-soft.com, How to remove Antispyware-soft.com

Thursday, April 22nd, 2010

Antispyware-soft.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to Antispyware-soft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site address: Antispyware-soft.com
Description: Antispyware-soft.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

What is newupdate1142C.exe, How to remove newupdate1142C.exe

Wednesday, April 21st, 2010

newupdate1142C.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: newupdate1142C
Filename: newupdate1142C.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142C.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142c .exe

Command:

C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
O4 - HKCU\..\Run: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

DDS Line:

uRun: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
uRun: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"newupdate1142C.exe"=C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe [2010-04-19 31232]
"newupdate1142c .exe"=c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe [2010-04-19 31232]

Description: a trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

What is geurge.exe, How to remove geurge.exe

Wednesday, April 21st, 2010

geurge.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: geurge
Filename: geurge.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ewrgetuj

Command: %Temp%\geurge.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

DDS Line:

mRun: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ewrgetuj"=C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

What is hspe.uvo, How to remove hspe.uvo

Wednesday, April 21st, 2010

hspe.uvo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: hspe
Filename: hspe.uvo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe, rundll32.exe hspe.uvo bnjpid
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is defender-soft.com, How to remove defender-soft.com

Tuesday, April 20th, 2010

defender-soft.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to defender-soft.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site address: defender-soft.com
Description: defender-soft.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

What is software-defender.com, How to remove software-defender.com

Tuesday, April 20th, 2010

software-defender.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to software-defender.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.33.115.92
Site address: software-defender.com
Description: software-defender.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.

What is app_dll.dll, How to remove app_dll.dll

Monday, April 19th, 2010

app_dll.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: app_dll
Filename: C:\Windows\System32\app_dll.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: command
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: app_dll.dll

DDS Line:

AppInit_DLLs: app_dll.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\app_dll.dll"

Description: a trojan that is also known as Trojan.Win32.Vilsel.rqn [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is awxm.vho, How to remove awxm.vho

Monday, April 19th, 2010

awxm.vho is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awxm
Filename: awxm.vho
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe awxm.vho rlvgf
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is Av-firm.com, How to remove Av-firm.com

Saturday, April 17th, 2010

Av-firm.com is a malicious website

The site was created to spread Antispyware Soft. If your browser is redirected to Av-firm.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 193.33.115.88
Site address: Av-firm.com
Description: Av-firm.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antispyware Soft.

How to remove: use these Antispyware Soft removal instructions in order to remove this infection.