Archive for the 'O23' Category

What is Wireshark Antivirus, How to remove Wireshark Antivirus

Friday, August 6th, 2010

Wireshark Antivirus is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Startup Type: BHO, Service
HijackThis Category: O2, O23
HijackThis Line:

O2 – BHO: ADC PlugIn – {149256D5-E103-4523-BB43-2CFB066839D6} – C:\Program Files\adc_w32.dll
O23 – Service: Adobe Update Service (AdbUpd) – Unknown owner – C:\Program Files\svchost.exe

Description: rogue antispyware program

How to remove: use these Wireshark Antivirus removal instructions.

What is winsts.sys, How to remove winsts.sys

Sunday, December 13th, 2009

winsts.sys is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winsts
Filename: winsts.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsts

Command: c:\windows\system32\winsts.sys
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: winsts (winsts) – – C:\WINDOWS\system32\winsts.sys

DDS/Combofix/RSIT Line:

S3 winsts;winsts;c:\windows\system32\winsts.sys

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool or ask for help in the Spyware removal forum.
How to remove: link

What is ansid.exe, How to remove ansid.exe

Sunday, December 13th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ansid
Filename: ansid.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvcRDSessMgr

Command: c:\windows\SYSTEM32\ansid.exe
Startup Type: Service
HijackThis Category:
HijackThis Line:

O23 – Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) – – C:\WINDOWS\system32\ansid.exe srv

DDS/Combofix/RSIT Line:

R2 mnmsrvcRDSessMgr;NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr;c:\windows\SYSTEM32\ansid.exe srv

Description: virus also known as W32.Virut.CF [Symantec], Virus.Win32.Virut.ce [Kaspersky Lab], W32/Virut.n.gen [McAfee], W32/Scribble-B [Sophos], Virus:Win32/Virut.BM [Microsoft]

How to remove: use Kaspersky virus removal tool

What is svchust.exe, How to remove svchust.exe

Sunday, December 13th, 2009

svchust.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchust
Filename: svchust.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Net_Login

Command: c:\windows\svchust.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: Net_Login (Net_Login) – Sigma Designs In – C:\WINDOWS\svchust.exe

DDS/Combofix/RSIT Line:

R2 Net_Login;Net_Login;c:\windows\svchust.exe

Description: trojan also known as W32.Pinfi [Symantec], Virus.Win32.Parite.b [Kaspersky Lab], W32/Pate.b [McAfee], PE_PARITE.A [Trend Micro], W32/Parite-B [Sophos], Virus:Win32/Parite.B [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is FastNetSrv.exe, How to remove FastNetSrv.exe

Monday, October 26th, 2009

FastNetSrv.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: FastNetSrv
Filename: FastNetSrv.exe
Command: c:\windows\SYSTEM32\FastNetSrv.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: fastnetsrv Service (fastnetsrv) – Sigma Designs In – C:\WINDOWS\system32\FastNetSrv.exe

Combofix/RSIT Line:

R2 fastnetsrv;fastnetsrv Service;c:\windows\SYSTEM32\FastNetSrv.exe [8/4/2004 6:00 AM 93696]

Description: trojan agent

How to remove: use Malwarebytes` Anti-malware or use SUPERAntiSpyware

QuickHealCleanerSvc.exe is component of QuickHealCleaner

Saturday, September 5th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: QuickHealCleanerSvc
Filename: QuickHealCleanerSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\quickhealcleanersvc

Command: C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleanerSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: QuickHealCleaner Security Service (QuickHealCleanerSvc) – Unknown owner – C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleanerSvc.exe

Description: component of QuickHealCleaner (rogue antispyware software)

How to remove: use these QuickHealCleanerSvc.exe removal instructions.

SystemCopSvc.exe is a component of SystemCop

Wednesday, September 2nd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SystemCopSvc
Filename: SystemCopSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SystemCopSvc

Command: C:\Program Files\SystemCop Software\SystemCop\SystemCopSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: SystemCop Security Service (SystemCopSvc) – Unknown owner – C:\Program Files\SystemCop Software\SystemCop\SystemCopSvc.exe

Description: component of SystemCop (rogue antispyware program)

How to remove: use these SystemCop removal instructions.

svchasts.exe is a component of Windows Police Pro

Monday, August 31st, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchasts
Filename: svchasts.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100

Command: C:\WINDOWS\svchasts.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: AntipPro2009_100 (AntipyProex) – Unknown owner – C:\WINDOWS\svchasts.exe

Combofix/RSIT Line:

R2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchasts.exe [2009-08-31 163840]

Description: component of Windows Police Pro (rogue antispyware program)

How to remove: use these Windows Police Pro removal instructions.

BlockDefenseSvc.exe is component of BlockDefense

Friday, August 28th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockDefenseSvc
Filename: BlockDefenseSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blockdefensesvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blockdefensesvc

Command: C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: BlockDefense Security Service (BlockDefenseSvc) – Unknown owner – C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe

Description: component of BlockDefense (rogue antispyware program)

How to remove: use these BlockDefense removal instructions.

SaveDefenseSvc.exe is component of SaveDefense

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveDefenseSvc
Filename: SaveDefenseSvc.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SaveDefenseSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SaveDefenseSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveDefenseSvc

Command: C:\Program Files\SaveDefense Software\SaveDefense\SaveDefenseSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: SaveDefense Security Service (SaveDefenseSvc) – Unknown owner – C:\Program Files\SaveDefense Software\SaveDefense\SaveDefenseSvc.exe

Description: component of SaveDefense (rogue antispyware program)

How to remove: use these SaveDefense removal instructions.