Archive for the 'O4' Category
Saturday, July 4th, 2009
This is a harmful program.
Name: usa
Filename: usa.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | USA
Command: C:\Program Files\USA\usa.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [USA] C:\Program Files\USA\usa.exe
Description: main file of USAntiSpy (rogue antispyware program)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, July 4th, 2009
This is a harmful program.
Name: drv
Filename: drv.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost | drv
Command: c:\program files\drv\drv.sys
Startup Type: driver, svchost
Combofix/RSIT Line:
R1 drvdrv;drvdrv;c:\program files\drv\drv.sys [7/1/2009 2:55 PM 9344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv
Description: worm Koobface also known as Win32.Agent.auoy, Trojan-Dropper.Agent
How to remove: use Malwarebytes Antimalware
Posted in Driver, O4, Service, SvcHost
Saturday, July 4th, 2009
This is a harmful program.
Name: oembios
Filename: oembios.exe
Command: C:\WINDOWS\system32\oembios.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\oembios.exe (User 'Default user')
Description: trojan Zbot, also known as Infostealer.Banker, PWS-Zbot.gen.c, Mal/EncPk-CZ
How to remove: use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Saturday, July 4th, 2009
This is a harmful program.
Name: AntiMalware_Pro
Filename: AntiMalware_Pro.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiMalware_ProNET
Command: C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AntiMalware_ProNET] C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe
Description: main file of AntiMalwarePro (rogue antispyware application)
How to remove: use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Sunday, June 28th, 2009
This is a harmful program.
Name: Installer
Filename: Installer.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntivirusBEST
Command: C:\Documents and Settings\All Users\Application Data\AB\Installer.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [AntivirusBEST] C:\Documents and Settings\All Users\Application Data\AB\Installer.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AntivirusBEST"=C:\Documents and Settings\All Users\Application Data\AB\Installer.exe [2009-06-26 78848]
Description: main file of AntivirusBEST (rogue antispyware program)
How to remove: use these AntivirusBEST removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Saturday, June 27th, 2009
This is a harmful program.
Name: net
Filename: net.net
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | net
Command: C:\WINDOWS\system32\net.net
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"net"=C:\WINDOWS\system32\net.net
Description: unknown trojan, usually installed with rogue antispyware software
How to remove: use HijackThis
Posted in O4, Run, Trojan
Saturday, June 27th, 2009
This is a harmful program.
Name: liser
Filename: liser.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kell
Command: c:\program Files\Manson\liser.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKUS\S-1-5-18\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kell] C:\Program Files\Manson\liser.exe (User 'Default user')
O4 - HKCU\..\Run: [kell] c:\program Files\Manson\liser.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kell"=c:\program Files\Manson\liser.exe
Description: trojan that is installed with rogue antivirus/antispyware apps.
How to remove: use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Friday, June 26th, 2009
This is a harmful program.
Name: SysShield
Filename: SysShield.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Windows applications server
Command: C:\WINDOWS\system32\SysShield.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Windows applications server] C:\WINDOWS\system32\SysShield.exe
Description: component of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Friday, June 26th, 2009
This is a harmful program.
Name: AVP
Filename: AVP.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | AntiVirus Protection
Command: C:\Program Files\AntiVirus Protection\AVP.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [AntiVirus Protection] C:\Program Files\AntiVirus Protection\AVP.exe
Description: main file of Antivirus Protection (rogue antivirus/antispyware program)
How to remove: use these Antivirus Protection removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, June 22nd, 2009
This is a harmful program.
Name: MD[random]
Filename: MD[random].exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Malware Destructor 2009
Command: C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Malware Destructor 2009] "C:\Documents and Settings\All Users\Application Data\f5bc4e8\MDf5bc.exe" /s /d
Description: main file of Malware Destructor 2009 (rogue antispyware program). Uses random file names to hide itself.
How to remove: use these Malware Destructor 2009 removal instructions
Posted in O4, Rogue Antispyware/Antivirus, Run