Archive for the 'F2' Category

What is desktoplayer.exe, How to remove desktoplayer.exe

Thursday, October 21st, 2010

desktoplayer.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: desktoplayer
Filename: desktoplayer.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon | Userinit

Command: c:\program files\microsoft\desktoplayer.exe
Startup Type: HKLM->Winlogon->Userinit
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

DDS Line:

mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

Description: component of Win32.ramnit trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is ntload.exe, How to remove ntload.exe

Friday, August 27th, 2010

ntload.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntload
Filename: ntload.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | rundll32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %Windir%\system32\ntload.exe
Startup Type: Winlogon->Shell, HKLM->Run
HijackThis Category: F2, O4
HijackThis Line:

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 - HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Description: component of Advanced Security Tool 2010 (rogue antispyware)

How to remove: use the Advanced Security Tool 2010 removal guide or the steps below.

1. Download HijackThis from here and save it to your desktop. Most important, in the Save dialog, rename HijackThis.exe to iexplore.exe !!!
2. Run HijackThis. The main menu opens. Click the “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following items:

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe
O4 - HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntload.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is srnh.lto, How to remove srnh.lto

Wednesday, May 19th, 2010

srnh.lto is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: srnh
Filename: srnh.lto
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe srnh.lto iqfnr
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe srnh.lto iqfnr

Description: component of Win32/Oficla trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is hspe.uvo, How to remove hspe.uvo

Wednesday, April 21st, 2010

hspe.uvo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: hspe
Filename: hspe.uvo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe, rundll32.exe hspe.uvo bnjpid
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe hspe.uvo bnjpid

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is awxm.vho, How to remove awxm.vho

Monday, April 19th, 2010

awxm.vho is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awxm
Filename: awxm.vho
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe awxm.vho rlvgf
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is ngts.vao, How to remove ngts.vao

Friday, April 16th, 2010

ngts.vao is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ngts
Filename: ngts.vao
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe ngts.vao uvibls
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ngts.vao uvibls

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos], packed with: PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is rihd.pno, How to remove rihd.pno

Tuesday, April 13th, 2010

rihd.pno is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rihd
Filename: rihd.pno
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe, rundll32.exe rihd.pno eaoydsi
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe rihd.pno eaoydsi

Description: component of Bredolab trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is lgou.rlo, How to remove lgou.rlo

Friday, April 2nd, 2010

lgou.rlo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lgou
Filename: lgou.rlo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe lgou.rlo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe lgou.rlo nhemkk

Description: component of Bredolab trojan, also known as Trojan-Downloader.Win32.Agent.dkld [Kaspersky Lab], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is nnfj.tqo, How to remove nnfj.tqo

Tuesday, March 23rd, 2010

nnfj.tqo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nnfj
Filename: nnfj.tqo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nnfj.tqo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nnfj.tqo nhemkk

Description: trojan also known as Trojan.Win32.Sasfis.ajil [Kaspersky Lab], SpyAgent-br.dll [McAfee], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft], Win-Trojan/Xema.variant [AhnLab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is nynw.wmo, How to remove nynw.wmo

Thursday, March 4th, 2010

nynw.wmo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nynw
Filename: nynw.wmo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nynw.wmo mynleeq
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell="Explorer.exe rundll32.exe nynw.wmo mynleeq"

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware