Archive for the 'O4' Category

What is clspackxq.exe, How to remove clspackxq.exe

Saturday, December 19th, 2009

clspackxq.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: clspackxq
Filename: clspackxq.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | clspackxq.exe

Command: %Temp%\clspackxq.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

DDS Line:

uRun: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"clspackxq.exe"=c:\docume~1\user\locals~1\temp\clspackxq.exe

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is SysDefence.exe, How to remove SysDefence.exe

Thursday, December 17th, 2009

SysDefence.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SysDefence
Filename: SysDefence.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SysDefence.exe

Command: C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe

DDS Line:

uRun: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SysDefence.exe"=C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe [2009-12-17 1638912]

Description: core component of SysDefence. SysDefence is positioned as anti-spyware software, but in reality it is a malicious program that must be removed immediately once it is on the computer.

How to remove: use these SysDefence removal instructions.

What is TheDefend.exe, How to remove TheDefend.exe

Wednesday, December 16th, 2009

TheDefend.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: TheDefend
Filename: TheDefend.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TheDefend.exe

Command: C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe

DDS Line:

uRun: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TheDefend.exe"=C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe [2009-12-17 1638912]

Description: core component of TheDefend. TheDefend is positioned as a program to remove malware, but in reality it is a malicious program that must be removed immediately once it is on the computer.

How to remove: use these TheDefend removal instructions.

What is GuardPcs.exe, How to remove GuardPcs.exe

Tuesday, December 15th, 2009

GuardPcs.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GuardPcs
Filename: GuardPcs.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardPcs.exe

Command: C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [GuardPcs.exe] C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe

DDS Line:

uRun: [GuardPcs.exe] C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardPcs.exe"=C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe [2009-12-15 1638912]

Description: core component of GuardPcs. GuardPcs is a rogue antispyware program.

How to remove: use these GuardPcs removal instructions.

What is Freddy77.exe, How to remove Freddy77.exe

Monday, December 14th, 2009

Freddy77.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Freddy77
Filename: Freddy77.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy77.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy77.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy77.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy77.exe

Description: part of Koobface worm

How to remove: use these Koobface removal instructions.

What is services.exe, How to remove services.exe

Sunday, December 13th, 2009

services.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: services
Filename: services.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | exec

Command: %FontsDir%\services.exe
Startup Type:
HijackThis Category:
HijackThis Line:

HKLM\..\Run: [exec] %FontsDir%\services.exe

DDS Line:

mRun: [exec] %FontsDir%\services.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"exec"=%FontsDir%\services.exe

Description: trojan, also known as Trojan Horse [Symantec], Trojan-Spy.Win32.VB.bzc [Kaspersky Lab], Adclicker-GV [McAfee], Troj/VB-EHN [Sophos], Trojan:Win32/Puzlice.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is notepad.dll, How to remove notepad.dll

Sunday, December 13th, 2009

notepad.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: notepad
Filename: notepad.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad

Command: c:\windows\system32\notepad.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

DDS Line:

mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is ntload.dll, How to remove ntload.dll

Sunday, December 13th, 2009

ntload.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntload
Filename: ntload.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | notepad

Command: %UserProfile%\ntload.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

DDS Line:

uRun: [notepad] rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=rundll32.exe %UserProfile%\ntload.dll,_IWMPEvents@0

Description: trojan also known as Packed.Generic.271 [Symantec], Mal/FakeAV-BX, Mal/TibsPk-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is mstre26.exe, How to remove mstre26.exe

Saturday, December 12th, 2009

mstre26.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mstre26
Filename: mstre26.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray

Command: c:\windows\mstre26.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [SySmstray] C:\windows\mstre26.exe

DDS Line:

mRun: [SySmstray] C:\windows\mstre26.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SySmstray"=c:\windows\mstre26.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

What is IGuardPc.exe, How to remove IGuardPc.exe

Friday, December 11th, 2009

IGuardPc.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: IGuardPc
Filename: IGuardPc.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | IGuardPc.exe

Command: C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [IGuardPc.exe] C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe

DDS Line:

uRun: [IGuardPc.exe] C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IGuardPc.exe"=C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe [2009-12-12 1798144]

Description: core component of IGuardPc. IGuardPc is a rogue antispyware program.

How to remove: use these IGuardPc removal instructions.