Archive for the 'O4' Category

How to remove AlphaAV.exe, What is AlphaAV.exe

Monday, September 28th, 2009

AlphaAV.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AlphaAV
Filename: AlphaAV.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AlphaAV

Command: C:\Program Files\AlphaAV\AlphaAV.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlphaAV"=C:\Program Files\AlphaAV\AlphaAV.exe [2009-09-26 1581056]

Description: main file of Alpha Antivirus rogue antispyware program

How to remove: use these Alpha Antivirus removal instructions

How to remove SecuritySoldier.exe, What is SecuritySoldier.exe

Saturday, September 26th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecuritySoldier
Filename: SecuritySoldier.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecuritySoldier

Command: C:\Program Files\SecuritySoldier Software\SecuritySoldier\SecuritySoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SecuritySoldier] C:\Program Files\SecuritySoldier Software\SecuritySoldier\SecuritySoldier.exe -min

Description: main component of SecuritySoldier rogue antispyware program

How to remove: use these SecuritySoldier removal instructions

How to remove SecurityFighter.exe, What is SecurityFighter.exe

Thursday, September 24th, 2009

SecurityFighter.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecurityFighter
Filename: SecurityFighter.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurityFighter

Command: C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SecurityFighter] C:\Program Files\SecurityFighter Software\SecurityFighter\SecurityFighter.exe -min

Description: main file of SecurityFighter fake antispyware program

How to remove: use these SecurityFighter removal instructions

wsn.bat is a component of Green AV

Tuesday, September 22nd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wsn
Filename: wsn.bat
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM NUMBERS

Command: C:\ProgramData\gra\wsn.bat
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [RANDOM NUMBERS] C:\ProgramData\gwr\wsn.bat
O4 - HKCU\..\Run: [RANDOM NUMBERS] C:\ProgramData\gra\wsn.bat

Description: component of Green AV rogue antivirus/antispyware program

How to remove: use these Green AV removal instructions

What is SaveArmor.exe, How to remove SaveArmor.exe

Monday, September 21st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveArmor
Filename: SaveArmor.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveArmor

Command: C:\Program Files\SaveArmor Software\SaveArmor\SaveArmor.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SaveArmor] C:\Program Files\SaveArmor Software\SaveArmor\SaveArmor.exe -min

Description: main component of SaveArmor rogue antispyware program

How to remove: use these SaveArmor removal instructions

What is SaveDefender.exe, How to remove SaveDefender.exe

Monday, September 21st, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveDefender
Filename: SaveDefender.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveDefender

Command: C:\Program Files\SaveDefender Software\SaveDefender\SaveDefender.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SaveDefender] C:\Program Files\SaveDefender Software\SaveDefender\SaveDefender.exe -min

Description: main file of SaveDefender rogue antispyware program

How to remove: use these SaveDefender removal instructions

gitabiga.dll is the trojan Vundo

Sunday, September 20th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gitabiga
Filename: gitabiga.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | derijidob
hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler | {e826441e-0920-4e05-9b2c-84189ccd7cba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | gefiraled

Command: c:\windows\system32\gitabiga.dll
CLSID: {e826441e-0920-4e05-9b2c-84189ccd7cba}
Startup Type: HKLM->Run, SharedTaskScheduler, ShellServiceObjectDelayLoad
HijackThis Category: O4, O21, O22
Combofix/RSIT Line:

2009-09-19 01:46 . 2009-06-19 01:46 88576 --sha-w- c:\windows\system32\gitabiga.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"derijidob"="c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e826441e-0920-4e05-9b2c-84189ccd7cba}"= "c:\windows\system32\gitabiga.dll" [2009-09-19 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gefiraled"= {e826441e-0920-4e05-9b2c-84189ccd7cba} - c:\windows\system32\gitabiga.dll [2009-09-19 88576]

Description: trojan Vundo

How to remove: use Malwarebytes' Anti-Malware

mradll.exe is a component of Green AV

Sunday, September 20th, 2009

mradll.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mradll
Filename: mradll.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM CHARACTERS

Command: C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [RANDOM CHARACTERS] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe

Description: component of Green AV also known as Green Antivirus (rogue antispyware program)

How to remove: use these Green AV removal instructions

rwg.exe is a component of Green AV

Sunday, September 20th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rwg
Filename: rwg.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RANDOM CHARACTERS

Command: C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [RANDOM CHARACTERS] C:\Documents and Settings\All Users\Application Data\gwr\rwg.exe

Description: component of Green AV rogue antivirus program

How to remove: use these Green AV removal instructions

What is TrustWarrior.exe, how to remove TrustWarrior.exe

Thursday, September 17th, 2009

TrustWarrior.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: TrustWarrior
Filename: TrustWarrior.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TrustWarrior

Command: C:\Program Files\TrustWarrior Software\TrustWarrior\TrustWarrior.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [TrustWarrior] C:\Program Files\TrustWarrior Software\TrustWarrior\TrustWarrior.exe -min

Description: main component of TrustWarrior, a rogue antispyware program that reports false scan results and displays fake security alerts to scare you into buying the software.

How to remove: use these TrustWarrior removal instructions.