Archive for the 'O21' Category

What is overlapp32.dll, How to remove overlapp32.dll

Friday, March 5th, 2010

overlapp32.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: overlapp32
Filename: overlapp32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck

Command: %Windir%\System32\overlapp32.dll
CLSID: {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

DDS Line:

SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

Description: trojan also known as Trojan-PSW.Generic [PCTools], Infostealer [Symantec], Downloader-BZS [McAfee], Trojan.KeyLogger.4260 [DrWEB], Win32:Malware-gen [AVAST]

How to remove: use HijackThis + Kaspersky virus removal tool

What is inetprovider.dll, How to remove inetprovider.dll

Wednesday, December 2nd, 2009

inetprovider.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: inetprovider
Filename: inetprovider.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetProvider

Command: C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll
CLSID: {76377D16-FC8D-4505-B8E1-237EA19C401A}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetProvider - {76377D16-FC8D-4505-B8E1-237EA19C401A} - C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

DDS Line:

SSODL: InternetProvider - {76377D16-FC8D-4505-B8E1-237EA19C401A} - C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
InternetProvider - {76377D16-FC8D-4505-B8E1-237EA19C401A} - C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Description: trojan that is installed with Personal Protector. Personal Protector is a rogue antispyware program.

How to remove: use HijackThis + these Personal Protector removal instructions.

What is swupdate.dll, How to remove swupdate.dll

Wednesday, December 2nd, 2009

swupdate.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: swupdate
Filename: swupdate.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SwUpdate

Command: C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
CLSID: {009541A0-3B00-1F1C-00F3-040224001C01}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

DDS Line:

SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

Description: trojan AdClick

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is sysnet.dll, How to remove sysnet.dll

Wednesday, November 4th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysnet
Filename: sysnet.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SysNet

Command: C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll
CLSID: {13E9115E-2CB0-4CAB-91D0-507E9368ED1B}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SysNet - {13E9115E-2CB0-4CAB-91D0-507E9368ED1B} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll

Description: trojan agent that is installed with a rogue antispyware program

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is mstmdm.dll, How to remove mstmdm.dll

Monday, October 26th, 2009

mstmdm.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mstmdm
Filename: mstmdm.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | UpdateCheck

Command: C:\WINDOWS\system32\mstmdm.dll
CLSID: {3D232827-DCDB-455D-9B12-8F8C7DE41935}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: UpdateCheck - {3D232827-DCDB-455D-9B12-8F8C7DE41935} - C:\WINDOWS\system32\mstmdm.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UpdateCheck - {3D232827-DCDB-455D-9B12-8F8C7DE41935} - C:\WINDOWS\system32\mstmdm.dll

Description: a trojan also known as Trojan.Win32.Agent.bve

How to remove: use Kaspersky virus removal tool

gitabiga.dll is trojan Vundo

Sunday, September 20th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gitabiga
Filename: gitabiga.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | derijidob
hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler | {e826441e-0920-4e05-9b2c-84189ccd7cba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | gefiraled

Command: c:\windows\system32\gitabiga.dll
CLSID: {e826441e-0920-4e05-9b2c-84189ccd7cba}
Startup Type: HKLM->Run, SharedTaskScheduler, ShellServiceObjectDelayLoad
HijackThis Category: O4, O21, O22
Combofix/RSIT Line:

2009-09-19 01:46 . 2009-06-19 01:46 88576 --sha-w- c:\windows\system32\gitabiga.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"derijidob"="c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e826441e-0920-4e05-9b2c-84189ccd7cba}"= "c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gefiraled"= {e826441e-0920-4e05-9b2c-84189ccd7cba} - c:\windows\system32\gitabiga.dll [2009-09-19 88576]

Description: trojan Vundo

How to remove: use Malwarebytes' Anti-Malware

eewhptdpyl.dll is a component of System Guard 2009

Thursday, April 16th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eewhptdpyl
Filename: eewhptdpyl.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll
CLSID: {AB6DAA8C-F726-4FDD-8B06-9537C5878612}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {AB6DAA8C-F726-4FDD-8B06-9537C5878612} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\eewhptdpyl.dll

Description: component of System Guard 2009

How to remove: use these instructions: How to remove System Guard 2009 (Delete instructions).

bwpbwvxxvw.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bwpbwvxxvw
Filename: bwpbwvxxvw.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetConnection

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll
CLSID: {D14F8945-CF96-4231-9FA7-4BC630D80D85}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: InternetConnection - {D14F8945-CF96-4231-9FA7-4BC630D80D85} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\bwpbwvxxvw.dll

Description: trojan, component of rogue antispyware

How to remove: Use HijackThis + Use Malwarebytes Antimalware

ieModule.dll is a trojan, component of rogue antispyware

Tuesday, March 31st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ieModule
Filename: ieModule.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | ieModule

Command: C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
CLSID:

{92CA440D-C81C-4B72-89D0-D2B464E5678B}
{77C96E10-FDA7-4AA7-B318-0631C0D27DBB}

Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: ieModule - {92CA440D-C81C-4B72-89D0-D2B464E5678B} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

Description: trojan, component of a few rogue antispyware programs

How to remove: Use HijackThis + Use Malwarebytes Antimalware

vitamine.dll is a trojan

Monday, March 30th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:

O4 - HKLM\..\Run: [CPMfbaed640] Rundll32.exe "c:\windows\system32\vitamine.dll",a
O20 - AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll

Description: trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware