HT Logs. Tips, FAQs, Analyze.

{RANDOM}shdw.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}shdw.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Command: %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Startup Type: HKCU->Run, HKLM-> Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

DDS Line:

mRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
uRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

Description: core component of Security Suite. Security Suite is a rogue antispyware program.

How to remove: use the Security Suite removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Antivirstrong.com is a malicious website

The site was created to spread Security Suite. If your browser is redirected to antivirstrong.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.204
Site addess: antivirstrong.com
Description: antivirstrong.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Security Suite.

How to remove: use these antivirstrong removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Antivirsword.com is a malicious website

The site was created to spread Antivir Solution Pro. If your browser is redirected to antivirsword.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.202
Site addess: antivirsword.com
Description: antivirsword.com is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivir Solution Pro.

How to remove: use these antivirsword removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Wireshark Antivirus is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Startup Type: BHO, Service
HijackThis Category: O2, O23
HijackThis Line:

O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe

Description: rogue antispyware program

How to remove: use these Wireshark Antivirus removal instructions.

antispygeek.com is a malicious website

The site was created to spread Antivir Solution Pro. If your browser is redirected to antispygeek.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.202
Site addess: antispygeek.com
Description: antispygeek.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivir Solution Pro.

How to remove: use these antispygeek removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

My Security Shield is a malicious program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Filename: My Security Shield
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Shield

Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\MS{RANDOM}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [My Security Shield] “C:\Documents and Settings\All Users\Application Data\a12c45\MS678.exe” /s /d

Description: rogue antispyware program

How to remove: use the My Security Shield removal guide

avt.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: avt
Filename: avt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus

Command: C:\Program Files\AnVi\avt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Antivirus] “C:\Program Files\AnVi\avt.exe”

DDS Line:

uRun: [Antivirus] C:\Program Files\AnVi\avt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Antivirus”=C:\Program Files\AnVi\avt.exe

Description: core component of Antivirus (rogue antispyware)

How to remove: use the Antivirus removal instructions or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

antispyversion.com is a malicious website

The site was created to spread Antivir Solution Pro. If your browser is redirected to antispyversion.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.202
Site addess: antispyversion.com
Description: antispyversion.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivir Solution Pro.

How to remove: use these antispyversion.com hijacker removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

wmsdk64_32.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: wmsdk64_32
Filename: wmsdk64_32.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\wmsdk64_32.EXE\” /START \”%1\” %*”

Command: %Temp%\wmsdk64_32.exe
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\comp\LOCALS~1\Temp\wmsdk64_32.exe” /START “%1″ %*

Description: trojan FakeAlert that uses to install Antivirus (rogue antispyware)

How to remove: use the Antivirus removal guide or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

av-fox.com is a malicious website

The site was created to spread Antivir Solution Pro. If your browser is redirected to av-fox.com, then you should immediately check your PC using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.202
Site addess: av-fox.com
Description: av-fox.com is not related with legit security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivir Solution Pro.

How to remove: use these av-fox removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).