Archive for the 'O4' Category

« Previous Entries
Next Entries »

What is msdrv32.exe, How to remove msdrv32.exe

Saturday, January 23rd, 2010

msdrv32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdrv32
Filename: msdrv32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: %WinDir%\msdrv32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe

Description: worm also known as Worm:Win32/Pushbot.gen [Microsoft], Backdoor.Win32.IRCBot.gen [Kaspersky Lab], Exploit-DcomRpc.gen [McAfee], Mal/Behav-134, Mal/IRCBot-B [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Policies\Explorer\Run, Run, Worm | No Comments »

What is APcSafe.exe, How to remove APcSafe.exe

Saturday, January 23rd, 2010

APcSafe.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APcSafe
Filename: APcSafe.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | APcSafe

Command: C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [APcSafe] C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe -min

DDS Line:

mRun: [APcSafe] C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“APcSafe”=C:\Program Files\APcSafe Software\APcSafe\APcSafe.exe

Description: core component of APcSafe. APcSafe is a rogue antispyware program.

How to remove: use these APcSafe removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is securitycenter.exe, How to remove securitycenter.exe

Saturday, January 23rd, 2010

securitycenter.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: securitycenter
Filename: securitycenter.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SecurityCenter

Command: C:\Program Files\Desktop Security 2010\securitycenter.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [SecurityCenter] C:\Program Files\Desktop Security 2010\securitycenter.exe

DDS Line:

mRun: [SecurityCenter] C:\Program Files\Desktop Security 2010\securitycenter.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SecurityCenter”=C:\Program Files\Desktop Security 2010\securitycenter.exe

Description: component of Desktop Security 2010. Desktop Security 2010 is a rogue antispyware program.

How to remove: use these Desktop Security 2010 removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is Desktop Security 2010.exe, How to remove Desktop Security 2010.exe

Saturday, January 23rd, 2010

Desktop Security 2010.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Desktop Security 2010
Filename: Desktop Security 2010.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Desktop Security 2010

Command: C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe

DDS Line:

mRun: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Desktop Security 2010″=C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe

Description: core component of Desktop Security 2010. Desktop Security 2010 is a rogue antispyware program.

How to remove: use these Desktop Security 2010 removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is ProtectSoldier.exe, How to remove ProtectSoldier.exe

Friday, January 22nd, 2010

ProtectSoldier.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ProtectSoldier
Filename: ProtectSoldier.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ProtectSoldier

Command: C:\Program Files\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [ProtectSoldier] C:\Program Files\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe

DDS Line:

mRun: [ProtectSoldier] C:\Program Files\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ProtectSoldier”=C:\Program Files\ProtectSoldier Software\ProtectSoldier\ProtectSoldier.exe

Description: core part of ProtectSoldier. ProtectSoldier is a rogue antispyware program.

How to remove: use these ProtectSoldier removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is APcSecure.exe, How to remove APcSecure.exe

Friday, January 22nd, 2010

APcSecure.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: APcSecure
Filename: APcSecure.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | APcSecure

Command: C:\Program Files\APcSecure Software\APcSecure\APcSecure.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [APcSecure] C:\Program Files\APcSecure Software\APcSecure\APcSecure.exe

DDS Line:

mRun: [APcSecure] C:\Program Files\APcSecure Software\APcSecure\APcSecure.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“APcSecure”=C:\Program Files\APcSecure Software\APcSecure\APcSecure.exe

Description: core component of APcSecure. APcSecure is a rogue antispyware program that spreads through the use of trojans that come from fake online scanners and once installed, it detects false infections.

How to remove: use these APcSecure removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is wwwpos32.exe, How to remove wwwpos32.exe

Thursday, January 21st, 2010

wwwpos32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wwwpos32
Filename: wwwpos32.exe
Command: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: wwwpos32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
wwwpos32.exe [2008-4-14 40448]

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Startup folder, Trojan | 1 Comment »

What is ProtectDefender.exe, How to remove ProtectDefender.exe

Thursday, January 21st, 2010

ProtectDefender.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ProtectDefender
Filename: ProtectDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ProtectDefender

Command: C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [ProtectDefender] C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

DDS Line:

mRun: [ProtectDefender] C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ProtectDefender”=C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

Description: core part of ProtectDefender. ProtectDefender is a rogue antispyware program.

How to remove: use these ProtectDefender removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is cliconfg64.exe, How to remove cliconfg64.exe

Wednesday, January 20th, 2010

cliconfg64.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cliconfg64
Filename: cliconfg64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cliconfg64.exe

Command: %UserProfile%\temp\cliconfg64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\user\LOCALS~1\Temp\cliconfg64.exe

DDS Line:

uRun: [cliconfg64.exe] c:\dokume~1\user\lokale~1\temp\cliconfg64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cliconfg64.exe”=c:\dokume~1\user\lokale~1\temp\cliconfg64.exe

Description: component of trojan FakeAlert.

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

What is ArmorDefender.exe, How to remove ArmorDefender .exe

Tuesday, January 19th, 2010

ArmorDefender.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ArmorDefender
Filename: ArmorDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ArmorDefender

Command: C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [ArmorDefender] C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

DDS Line:

mRun: [ArmorDefender] C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ArmorDefender”=C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

Description: core part of ArmorDefender. ArmorDefender is a rogue antispyware program.

How to remove: use these ArmorDefender removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

« Previous Entries
Next Entries »