Archive for the 'O4' Category

What is sysmon64x.exe, How to remove sysmon64x.exe

Wednesday, April 28th, 2010

sysmon64x.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysmon64x
Filename: sysmon64x.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sysmon64x.exe

Command: %Temp%\sysmon64x.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

DDS Line:

uRun: [sysmon64x.exe] C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sysmon64x.exe”=C:\DOCUME~1\user\LOCALS~1\Temp\sysmon64x.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

What is monxga32.exe, How to remove monxga32.exe

Saturday, April 24th, 2010

monxga32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: monxga32
Filename: monxga32.exe
Command: %UserProfile%\start menu\programs\startup\monxga32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: monxga32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\monxga32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
monxga32.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is forcedos64.exe, How to remove forcedos64.exe

Friday, April 23rd, 2010

forcedos64.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: forcedos64
Filename: forcedos64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | forcedos64.exe

Command: %Temp%\forcedos64.exe
Startup Type: HKCU_>Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [forcedos64.exe] C:\DOCUME~1\Gemma\LOCALS~1\Temp\forcedos64.exe

DDS Line:

uRun: [forcedos64.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“forcedos64.exe”=C:\DOCUME~1\comp\LOCALS~1\Temp\forcedos64.exe

Description: trojan FakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

My Security Engine – MS515.exe – Removal info

Friday, April 23rd, 2010

My Security Engine is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MS{random}
Filename: MS{random}.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | My Security Engine

Command: C:\Documents and Settings\All Users\Application Data\{random}\MS{random}.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [My Security Engine] “C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe” /s /d

DDS Line:

uRun: [My Security Engine] C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“My Security Engine”=C:\Documents and Settings\All Users\Application Data\9be96\MS515.exe

Description: core component of My Security Engine. My Security Engine is a rogue antispyware program.

How to remove: use these My Security Engine removal instructions.

What is newupdate1142C.exe, How to remove newupdate1142C.exe

Wednesday, April 21st, 2010

newupdate1142C.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: newupdate1142C
Filename: newupdate1142C.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142C.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | newupdate1142c .exe

Command:

C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
O4 – HKCU\..\Run: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

DDS Line:

uRun: [newupdate1142C.exe] C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe
uRun: [newupdate1142c .exe] c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“newupdate1142C.exe”=C:\Documents and Settings\user\Application Data\961E5EF4A7D6693D789C1E7488D08864\newupdate1142C.exe [2010-04-19 31232]
“newupdate1142c .exe”=c:\documents and settings\user\application data\961e5ef4a7d6693d789c1e7488d08864\newupdate1142c .exe [2010-04-19 31232]

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is geurge.exe, How to remove geurge.exe

Wednesday, April 21st, 2010

geurge.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: geurge
Filename: geurge.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ewrgetuj

Command: %Temp%\geurge.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

DDS Line:

mRun: [ewrgetuj] C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ewrgetuj”=C:\DOCUME~1\user\LOCALS~1\Temp\geurge.exe

Description: a trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is bill107.exe, How to remove bill107.exe

Friday, April 16th, 2010

bill107.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill107
Filename: bill107.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\bill107.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\bill107.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill107.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\bill107.exe

Description: new variant of koobface worm

How to remove: use these koobface removal instructions.

What is digprot.exe, How to remove digprot.exe

Sunday, April 11th, 2010

digprot.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: digprot
Filename: digprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Digital Protection

Command: C:\Program Files\Digital Protection\digprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Digital Protection] “C:\Program Files\Digital Protection\digprot.exe” -noscan

DDS Line:

uRun: [Digital Protection] C:\Program Files\Digital Protection\digprot.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Digital Protection”=C:\Program Files\Digital Protection\digprot.exe

Description: core component of Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

What is davclnt.exe, How to remove davclnt.exe

Sunday, April 11th, 2010

davclnt.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: davclnt
Filename: davclnt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | davclnt.exe

Command: %Temp%\davclnt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

DDS Line:

uRun: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“davclnt.exe”=C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

Description: trojanFakeAlert that installed with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

Antivirus Suite – {random}tssd.exe

Saturday, April 10th, 2010

Antivirus Suite is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivirus Suite
Filename: {random}tssd.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {random}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {random}

Command: %AppData%\{random}\{random}tssd.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [{random}] C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
O4 – HKCU\..\Run: [{random}] C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe

DDS Line:

mRun: [valuename] file
uRun: [valuename] file

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“{random}”=C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“{random}”=C:\Documents and Settings\user\Local Settings\Application Data\{random}\{random}tssd.exe

Description: {random}tssd.exe is a core component of Antivirus Suite. Antivirus Suite is a rogue antispyware program.

How to remove: use these Antivirus Suite removal instructions.