Archive for the 'O4' Category

What is freddy100.exe, How to remove freddy100.exe

Wednesday, February 10th, 2010

freddy100.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy100
Filename: freddy100.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy100.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy100.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy100.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy100.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

Security Antivirus – SA[random].exe

Wednesday, February 10th, 2010

SA[random].exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SA[random]
Filename: SA[random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Antivirus

Command: C:\Documents and Settings\All Users\Application Data\[random]\SA[random].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Security Antivirus] "C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe" /s /d

DDS Line:

uRun: [Security Antivirus] C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Antivirus"=C:\Documents and Settings\All Users\Application Data\27a1f\SAc9a.exe

Description: core component of Security Antivirus. Security Antivirus is a rogue antispyware program.

How to remove: use the Security Antivirus removal instructions.

What is ddexpshare.exe, How to remove ddexpshare.exe

Tuesday, February 9th, 2010

ddexpshare.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ddexpshare
Filename: ddexpshare.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ddexpshare.exe

Command: %UserProfile%\LOCALS~1\Temp\ddexpshare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe

DDS Line:

uRun: [ddexpshare.exe] C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ddexpshare.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\ddexpshare.exe [2010-02-09 786432]

Description: trojan FakeAler that is used to promote Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is SecurePcAv.exe, How to remove SecurePcAv.exe

Tuesday, February 9th, 2010

SecurePcAv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecurePcAv
Filename: SecurePcAv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurePcAv

Command: C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe -min

DDS Line:

uRun: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurePcAv"=C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Description: core component of SecurePcAv. SecurePcAv is a rogue antispyware program.

How to remove: use these SecurePcAv removal instructions.

What is advanceddefender.exe, How to remove advanceddefender.exe

Tuesday, February 9th, 2010

advanceddefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: advanceddefender
Filename: advanceddefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | advanceddefender

Command: C:\Program Files\Advanced Defender\advanceddefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

DDS Line:

mRun: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"advanceddefender"=C:\Program Files\Advanced Defender\advanceddefender.exe

Description: core component of Advanced Defender. Advanced Defender is a rogue antispyware program.

How to remove: use these Advanced Defender removal instructions.

What is pav.exe, How to remove pav.exe

Monday, February 8th, 2010

pav.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pav
Filename: pav.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Paladin Antivirus

Command: C:\Program Files\Paladin Antivirus\pav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

DDS Line:

uRun: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Paladin Antivirus"=C:\Program Files\Paladin Antivirus\pav.exe

Description: core component of Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is freddy84.exe, How to remove freddy84.exe

Sunday, February 7th, 2010

freddy84.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy84
Filename: freddy84.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy84.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy84.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy84.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy84.exe

Description: part of koobface worm

How to remove: use these koobface removal instructions.

What is netuza32.exe, How to remove netuza32.exe

Sunday, February 7th, 2010

netuza32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: netuza32
Filename: netuza32.exe
Command: %UserProfile%\start menu\programs\startup\netuza32.exe
Startup Type: Startup Folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: netuza32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\netuza32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
netuza32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is SafePcAv.exe, How to remove SafePcAv.exe

Friday, February 5th, 2010

SafePcAv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SafePcAv
Filename: SafePcAv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SafePcAv

Command: C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SafePcAv] C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe -min

DDS Line:

uRun: [SafePcAv] C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SafePcAv"=C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe

Description: core part of SafePcAv. SafePcAv is a rogue antispyware program.

How to remove: use these SafePcAv removal instructions.

What is adgamma.exe, How to remove adgamma.exe

Wednesday, February 3rd, 2010

adgamma.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: adgamma
Filename: adgamma.exe
Registry key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Adobe Loader

Command: C:\Program Files\adgamma.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKUS\S-1-5-18\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'Default user')

Combofix/RSIT Line:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Loader"="c:\program files\adgamma.exe" [2010-02-02 39936]

Description: trojan-downloader that is installed with Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.