Archive for the 'O4' Category

What is GuardWWW.exe, How to remove GuardWWW.exe

Wednesday, February 3rd, 2010

GuardWWW.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GuardWWW
Filename: GuardWWW.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardWWW

Command: C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min

DDS Line:

uRun: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardWWW"=C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Description: core component of GuardWWW. GuardWWW is a rogue antispyware program.

How to remove: use these GuardWWW removal instructions.

Antivirus Soft – [random]sysguard.exe

Saturday, January 30th, 2010

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]

Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

DDS Line:

mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Description: core part of Antivirus Soft. Antivirus Soft is a rogue antispyware program.

How to remove: use these Antivirus Soft removal instructions.

What is extrac64_cab.exe, How to remove extrac64_cab.exe

Saturday, January 30th, 2010

extrac64_cab.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: extrac64_cab
Filename: extrac64_cab.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | extrac64_cab.exe

Command: %UserProfile%\temp\extrac64_cab.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\user\LOCALS~1\Temp\extrac64_cab.exe

DDS Line:

uRun: [extrac64_cab.exe] c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"extrac64_cab.exe"=c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Description: a new variant of the cls_pack.exe trojan. It is also known as HeurEngine.MaliciousPacker [PCTools], Packed.Generic.277 [Symantec], Trojan-Downloader.Win32.FraudLoad.wxry [Kaspersky Lab], Mal/Generic-A [Sophos], Trojan-Downloader.Win32.FraudLoad [Ikarus].

How to remove: use these extrac64_cab.exe removal instructions.

What is MyPcSecure.exe, How to remove MyPcSecure.exe

Saturday, January 30th, 2010

MyPcSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure

Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

DDS Line:

uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyPcSecure"=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.

How to remove: use these MyPcSecure removal instructions.

Antivir 2010 – Antivir.exe

Friday, January 29th, 2010

Antivir.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV"=C:\Program Files\AV\Antivir.exe

Description: core component of Antivir 2010. Antivir 2010 is a rogue antispyware program.

How to remove: use these Antivir 2010 removal instructions.

What is freddy82.exe, How to remove freddy82.exe

Thursday, January 28th, 2010

freddy82.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy82
Filename: freddy82.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy82.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy82.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy82.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy82.exe

Description: component of the Koobface worm.

How to remove: use these koobface removal instructions.

What is PcSecureNet.exe, How to remove PcSecureNet.exe

Thursday, January 28th, 2010

PcSecureNet.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PcSecureNet
Filename: PcSecureNet.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PcSecureNet

Command: C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe -min

DDS Line:

uRun: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSecureNet"=C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Description: core component of PcSecureNet. PcSecureNet is a rogue antispyware program.

How to remove: use these PcSecureNet removal instructions.

What is IAPro.exe, How to remove IAPro.exe

Wednesday, January 27th, 2010

IAPro.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IAPro
Filename: IAPro.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Live Enterprise Suite

Command: C:\program files\Internet Antivirus Pro\IAPro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Live Enterprise Suite] "C:\program files\Internet Antivirus Pro\IAPro.exe" /s

DDS Line:

uRun: [Live Enterprise Suite] "c:\program files\internet antivirus pro\IAPro.exe" /s

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Live Enterprise Suite"=C:\program files\Internet Antivirus Pro\IAPro.exe [2010-01-27 1623552]

Description: core component of Live Enterprise Suite. Live Enterprise Suite is a rogue antispyware program.

How to remove: use these Live Enterprise Suite removal instructions.

What is PcsSecure.exe, How to remove PcsSecure.exe

Monday, January 25th, 2010

PcsSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PcsSecure
Filename: PcsSecure.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PcsSecure

Command: C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [PcsSecure] C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe -min

DDS Line:

mRun: [PcsSecure] C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PcsSecure"=C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe

Description: core component of PcsSecure. PcsSecure is a rogue antispyware program.

How to remove: use these PcsSecure removal instructions.

What is livemessenger.exe, How to remove livemessenger.exe

Saturday, January 23rd, 2010

livemessenger.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: livemessenger
Filename: livemessenger.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | Microsoft Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx | Microsoft Update

Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Update] livemessenger.exe

DDS Line:

mRun: [Microsoft Update] livemessenger.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"=livemessenger.exe

Description: Backdoor.Win32.Rbot.bll [Kaspersky Lab], W32.IRCBot [Symantec], W32/Sdbot.worm.gen.t [McAfee]

How to remove: use HijackThis + Kaspersky virus removal tool