Archive for the 'O4' Category

What is ccdrive32.exe, How to remove ccdrive32.exe

Monday, December 7th, 2009

ccdrive32.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ccdrive32
Filename: ccdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: C:\Windows\ccdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\ccdrive32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\ccdrive32.exe

Description: trojan also known as Trojan.Win32.Buzus.crty [Kaspersky Lab], Worm:Win32/Pushbot.gen [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

Antivirus Live – [random]sysguard.exe – How to remove

Monday, December 7th, 2009

[random]sysguard.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]

Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 – HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

DDS Line:

mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“[random]”=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“[random]”=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Description: core part of Antivirus Live. Antivirus Live is a rogue antispyware program.

How to remove: use these Antivirus Live removal instructions.

What is mydpla.exe, How to remove mydpla.exe

Monday, December 7th, 2009

mydpla.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mydpla
Filename: mydpla.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Technology NT

Command: C:\Windows\System32\mydpla.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Technology NT] C:\Windows\System32\mydpla.exe

DDS Line:

mRun: [Technology NT] C:\Windows\System32\mydpla.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Technology NT”=C:\Windows\System32\mydpla.exe

Description: trojan also known as Trojan-Banker.Win32.Banker.apxq [Kaspersky Lab]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ntfs_ext7.exe, How to remove ntfs_ext7.exe

Monday, December 7th, 2009

ntfs_ext7.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ntfs_ext7
Filename: ntfs_ext7.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | NTFS_ext_drv

Command: \\?\globalroot\Windows\System32\ntfs_ext7.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe

DDS Line:

mRun: [NTFS_ext_drv] \\?\globalroot\Windows\System32\ntfs_ext7.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“NTFS_ext_drv”=\\?\globalroot\Windows\System32\ntfs_ext7.exe

Description: trojan agent

How to remove: use HijackThis

What is raidhost.exe, How to remove raidhost.exe

Monday, December 7th, 2009

raidhost.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: raidhost
Filename: raidhost.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | raidhost

Command: C:\Windows\raidhost.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [raidhost] raidhost.exe

DDS Line:

mRun: [raidhost] raidhost.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“raidhost”=raidhost.exe

Description: trojan also known as Backdoor.Trojan [Symantec], Worm.Win32.AutoRun.gow [Kaspersky Lab], W32/Autorun.worm!fi [McAfee], Backdoor:Win32/IRCbot [Microsoft], Backdoor.Win32.IRCBot [Ikarus]

How to remove: use HijackThis + Kaspersky virus removal tool

What is sysdiag64.exe, How to remove sysdiag64.exe

Saturday, December 5th, 2009

sysdiag64.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sysdiag64
Filename: sysdiag64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MSN

Command: C:\Windows\sysdiag64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [MSN] C:\Windows\sysdiag64.exe

DDS Line:

uRun: [MSN] C:\Windows\sysdiag64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“MSN”=C:\Windows\sysdiag64.exe

Description: trojan

How to remove: use HijackThis + SUPERAntiSpyware

What is winhbt.exe, How to remove winhbt.exe

Saturday, December 5th, 2009

winhbt.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winhbt
Filename: winhbt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | winhbt.exe

Command: %Temp%\winhbt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [winhbt.exe] %Temp%\winhbt.exe

DDS Line:

uRun: [winhbt.exe] %Temp%\winhbt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“winhbt.exe”=%Temp%\winhbt.exe

Description: trojan FakeAV

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is richtx64.exe, How to remove richtx64.exe

Saturday, December 5th, 2009

richtx64.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: richtx64
Filename: richtx64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | richtx64.exe

Command: %Temp%\richtx64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

DDS Line:

uRun: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“richtx64.exe”=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

Description: trojan FakeAlert

How to remove: use these richtx64.exe (trojan FakeAlert) removal instructions.

What is kxvo.exe, How to remove kxvo.exe

Saturday, December 5th, 2009

kxvo.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: kxvo
Filename: kxvo.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kxva

Command: C:\WINDOWS\system32\kxvo.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

DDS Line:

uRun: [kxva] C:\WINDOWS\system32\kxvo.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“kxva”=C:\WINDOWS\system32\kxvo.exe

Description: trojan also known as W32.Gammima [Symantec], Trojan.Win32.Vaklik.yl [Kaspersky Lab], PWS-Gamania.gen.a [McAfee], TROJ_VAKLIK.EQ [Trend Micro], Mal/EncPk-CE [Sophos], Worm:Win32/Taterf.B [Microsoft], Dropper/Malware.158261 [AhnLab]. It uses autorun.inf files to spread itself.

How to remove: use these autorun.inf trojans removal instructions

What is essledv.exe, How to remove essledv.exe

Friday, December 4th, 2009

essledv.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: essledv
Filename: essledv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool

Command: C:\Windows\essledv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ttool] C:\Windows\essledv.exe

DDS Line:

uRun: [ttool] C:\Windows\essledv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ttool”=C:\Windows\essledv.exe

Description: trojan also known as Trojan.Generic [PCTools], Trojan Horse [Symantec], Trojan-PSW.Win32.Papras.og [Kaspersky Lab], Troj/PWS-BFX [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool