Archive for the 'O4' Category

What is WinSecurity360.exe, How to remove WinSecurity360.exe

Sunday, January 17th, 2010

WinSecurity360.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WinSecurity360
Filename: WinSecurity360.exe
Command: C:\Program Files\WinSecurity360\WinSecurity360.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: Win Security 360.lnk = C:\Program Files\WinSecurity360\WinSecurity360.exe

DDS Line:

StartupFolder: Win Security 360.lnk

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
Win Security 360.lnk

Description: core part of Win Security 360. Win Security 360 is a rogue antispyware program.

How to remove: use these Win Security 360 removal instructions.

What is winIogon.exe, How to remove winIogon.exe

Sunday, January 17th, 2010

winIogon.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winIogon
Filename: winIogon.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft System Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Microsoft System Service
HKEY_CURRENT_USER\Software\Microsoft\OLE | Microsoft System Service

Command: C:\Windows\System32\winIogon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft System Service] winIogon.exe

DDS Line:

mRun: [Microsoft System Service] winIogon.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft System Service"=winIogon.exe

Description: trojan also known as W32/Virut.gen.a [McAfee], Backdoor:Win32/Poebot.gen [Microsoft], W32.IRCBot [Symantec], PE_VIRUT.AV [Trend Micro], W32.Virut.W [Symantec]

How to remove: use HijackThis + Kaspersky virus removal tool

What is freddy81.exe, How to remove freddy81.exe

Sunday, January 17th, 2010

freddy81.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy81
Filename: freddy81.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy81.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy81.exe

DDS Line:

Run: [sysfbtray] C:\windows\freddy81.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy81.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

What is cls_pack.exe, How to remove cls_pack.exe

Saturday, January 16th, 2010

cls_pack.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cls_pack
Filename: cls_pack.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cls_pack.exe

Command: %UserProfile%\temp\cls_pack.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\user\LOCALS~1\Temp\cls_pack.exe

DDS Line:

uRun: [cls_pack.exe] c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cls_pack.exe"=c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Description: component of trojan FakeAlert

How to remove: use these cls_pack.exe removal instructions.

What is freddy80.exe, How to remove freddy80.exe

Saturday, January 16th, 2010

freddy80.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy80
Filename: freddy80.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy80.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy80.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy80.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy80.exe

Description: part of Koobface worm

How to remove: use these Koobface removal instructions.

What is rarype32.exe, How to remove rarype32.exe

Saturday, January 16th, 2010

rarype32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rarype32
Filename: rarype32.exe
Command: %userProfile%\start menu\programs\startup\rarype32.exe
Startup Type: O4
HijackThis Category:
HijackThis Line:

O4 - Startup: rarype32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\rarype32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
rarype32.exe

Description: trojan also known as Mal/Bredo-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is DefendAPc.exe, How to remove DefendAPc.exe

Saturday, January 16th, 2010

DefendAPc.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: DefendAPc
Filename: DefendAPc.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DefendAPc

Command: C:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [DefendAPc] C:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe

DDS Line:

mRun: [DefendAPc] C:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DefendAPc"=C:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe

Description: core component of DefendAPc. DefendAPc is a rogue antispyware program.

How to remove: use these DefendAPc removal instructions.

What is sshnas21.dll, How to remove sshnas21.dll

Thursday, January 14th, 2010

sshnas21.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas21
Filename: sshnas21.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | LosAlamos
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Canaveral
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS

Command: C:\Windows\System32\sshnas21.dll
Startup Type: Service
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,DllWork
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,BackupReadW

Combofix/RSIT Line:

S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe

Description: this is a new version of sshnas.dll trojan (trojan FakeAlert)

How to remove: use these sshnas.dll removal instructions.

What is GhostAV.exe, How to remove GhostAV.exe

Wednesday, January 13th, 2010

GhostAV.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GhostAV
Filename: GhostAV.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Ghost Antivirus

Command: c:\program files\Ghost Antivirus\GhostAV.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Ghost Antivirus] "c:\program files\Ghost Antivirus\GhostAV.exe" /s

DDS Line:

uRun: [Ghost Antivirus] "c:\program files\ghost antivirus\GhostAV.exe" /s

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ghost Antivirus"=c:\program files\Ghost Antivirus\GhostAV.exe [2010-01-10 1608192]

Description: core component of Ghost Antivirus. Ghost Antivirus is a rogue antispyware program.

How to remove: use these Ghost Antivirus removal instructions.

What is SysDefenders.exe, How to remove SysDefenders.exe

Tuesday, January 12th, 2010

SysDefenders.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SysDefenders
Filename: SysDefenders.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SysDefenders

Command: C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [SysDefenders] C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe

DDS Line:

mRun: [SysDefenders] C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysDefenders"=C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe

Description: core part of SysDefenders. SysDefenders is a rogue antispyware program.

How to remove: use these SysDefenders removal instructions.