Archive for the 'O4' Category

« Previous Entries
Next Entries »

What is AntivirusPro_2010.exe, How to remove AntivirusPro_2010.exe

Sunday, September 6th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntivirusPro_2010
Filename: AntivirusPro_2010.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Antivirus Pro 2010

Command: C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Antivirus Pro 2010] “C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe” /hide

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Antivirus Pro 2010″=C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe [2009-09-06 589312]

Description: AntivirusPro_2010.exe is a component of Antivirus Pro 2010. The program is fake antispyware software that designed to scam people.

How to remove: use these Antivirus Pro 2010 removal instructions in order to remove the AntivirusPro_2010.exe file and any associated malware from your computer for free.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

Whats is QuickHealCleaner.exe, how to remove QuickHealCleaner.exe

Saturday, September 5th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: QuickHealCleaner
Filename: QuickHealCleaner.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | QuickHealCleaner

Command: C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleaner.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [QuickHealCleaner] C:\Program Files\QuickHealCleaner Software\QuickHealCleaner\QuickHealCleaner.exe -min

Description: main file of QuickHealCleaner. QuickHealCleaner is a rogue antispyware program that designed to scam people.

How to remove: use these QuickHealCleaner.exe removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

SystemCop.exe is a main file of SystemCop

Wednesday, September 2nd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SystemCop
Filename: SystemCop.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SystemCop

Command: C:\Program Files\SystemCop Software\SystemCop\SystemCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SystemCop] C:\Program Files\SystemCop Software\SystemCop\SystemCop.exe -min

Description: main file of SystemCop (rogue antispyware program)

How to remove: use these SystemCop removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

SM205.exe is main file of Smart Virus Eliminator

Saturday, August 29th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SM205
Filename: SM205.exe (Smart Virus Eliminator uses random file name to hide itself)
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Smart Virus Eliminator

Command: C:\Documents and Settings\All Users\Application Data\7d189\SM205.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Smart Virus Eliminator] “C:\Documents and Settings\All Users\Application Data\7d189\SM205.exe” /s /d

Description: main file of Smart Virus Eliminator

How to remove: use these Smart Virus Eliminator removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

WIa9ca.exe is a main file of Windows Protection Suite

Friday, August 28th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WIa9ca
Filename: WIa9ca.exe (uses random filenames to hide itself)
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows Protection Suite

Command: C:\Documents and Settings\All Users\Application Data\a91c29\WIa9ca.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Windows Protection Suite] “C:\Documents and Settings\All Users\Application Data\a91c29\WIa9ca.exe” /s /d

Description: main file of Windows Protection Suite (rogue antispyware software)

How to remove: use these Windows Protection Suite removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

BlockDefense.exe is a main file of BlockDefense

Friday, August 28th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: BlockDefense
Filename: BlockDefense.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | BlockDefense

Command: C:\Program Files\BlockDefense Software\BlockDefense\BlockDefense.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [BlockDefense] C:\Program Files\BlockDefense Software\BlockDefense\BlockDefense.exe -min

Description: main file of BlockDefense (rogue antispyware program)

How to remove: use these BlockDefense removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

regedit.exe is a trojan

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: regedit
Filename: regedit.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Regedit32

Command: C:\WINDOWS\system32\regedit.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

Description: trojan, that installed with PC Antispyware2010 (rogue antispyware program)
Note: regedit.exe trojan located in the C:\WINDOWS\system32 folder, Windows system file regedit.exe located in the C:\WINDOWS folder !!!

How to remove: use these PC Antispyware2010 removal instructions.

Posted in O4, Run, Trojan | No Comments »

hp32_nword.exe is a trojan

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: hp32_nword
Filename: hp32_nword.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | hp32_nword
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | hp32_nword

Command: C:\WINDOWS\system32\hp32_nword.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe
O4 – HKCU\..\Run: [hp32_nword] C:\Documents and Settings\Michael\hp32_nword.exe

Description: trojan also known as Win-Trojan/SpamMailer, installed with PC Antispyware2010 (rogue anispyware program)

How to remove: use HijackThis + use SUPERAntiSpyware

Posted in O4, Run, Trojan | No Comments »

olhrwef.exe is a trojan autorun.inf

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: olhrwef
Filename: olhrwef.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: C:\WINDOWS\system32\olhrwef.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 – HKUS\S-1-5-21-527237240-113007714-854245398-1007\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User ‘?’)

Description: trojan that uses autorun.inf file for infecting computers.

How to remove: use these autorun.inf trojan removal instructions.

Posted in O4, Run, Trojan | No Comments »

waw32.exe is trojan-dropper [Worm.Palevo]

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: waw32
Filename: waw32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup

Command: C:\WINDOWS\waw32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe
O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

Description: trojan-dropper, also known as Worm.Palevo

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in O4, Policies\Explorer\Run, Run, Trojan, Worm | No Comments »

« Previous Entries
Next Entries »