Archive for the 'O4' Category
Saturday, April 25th, 2009
This is a harmful program.
Name: guard
Filename: guard.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | guard
Command: C:\WINDOWS\guard.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [guard] C:\WINDOWS\guard.exe
Description: component of Antivirus Agent Pro (rogue antispyware program)
How to remove: use the instructions How to remove Antivirus Agent Pro (Delete Instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, April 21st, 2009
This is a harmful program.
Name: se
Filename: se.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | se
Command: C:\WINDOWS\system\se.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [se] C:\WINDOWS\system\se.exe
Description: se.exe is a trojan that is installed with Antivirus Plus
How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run, Trojan
Tuesday, April 21st, 2009
This is a harmful program.
Name: rundll32
Filename: rundll32.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | shell
Command: C:\WINDOWS\system\rundll32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [shell] C:\WINDOWS\system\rundll32.exe 1
Description: trojan that is installed with Antivirus Plus (rogue antispyware)
How to remove: use the instruction How to remove Antivirus Plus (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run, Trojan
Tuesday, April 21st, 2009
This is a harmful program.
Name: ava
Filename: ava.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV AntiSpyware
Command: C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AV AntiSpyware] "C:\Documents and Settings\All Users\Application Data\LastSun Ltd\AV AntiSpyware\ava.exe" /autorun
Description: main file of AV Antispyware (rogue antispyware)
How to remove: use the instruction How to remove AV Antispyware (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, April 21st, 2009
This is a harmful program.
Name: WiniBlueSoft
Filename: WiniBlueSoft.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WiniBlueSoft
Command: C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
Description: main file of WiniBlueSoft (rogue antispyware program)
How to remove: use the instruction How to remove WiniBlueSoft (Uninstall instructions)
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, April 14th, 2009
This is a harmful program.
Name: VSweep
Filename: VSweep.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Sweeper
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Virus Sweeper] "C:\Documents and Settings\All Users\Application Data\8a37\VSweep.exe" /s /d
Combofix/RSIT Line:
Description: main file of Virus Sweeper (rogue antispyware program)
How to remove: use these instructions How to remove Virus Sweeper (Uninstall instructions).
Posted in O4, Rogue Antispyware/Antivirus, Run
Tuesday, March 31st, 2009
This is a harmful program.
Name: av2009
Filename: av2009.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | 50564483217104051363526518677900
Command: C:\Program Files\Antivirus 2009\av2009.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [50564483217104051363526518677900] C:\Program Files\Antivirus 2009\av2009.exe
Description: malware, main file of Antivirus 2009 (rogue antispyware)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, March 30th, 2009
This is a harmful program.
Name: N1i
Filename: N1i.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Drive
Command: C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe
Description: main file of Anti-virus number 1 (rogue antispyware program)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Rogue Antispyware/Antivirus, Run
Monday, March 30th, 2009
This is a harmful program.
Name: svchost
Filename: svchost.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SVCHOST.EXE
Command: C:\WINDOWS\System32\drivers\svchost.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
Description: trojan fake.alert
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in O4, Run, Trojan
Monday, March 30th, 2009
This is a harmful program.
Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:
O4 - HKLM\..\Run: [CPMfbaed640] Rundll32.exe "c:\windows\system32\vitamine.dll",a
O20 - AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vitamine.dll
Description: trojan (Vundo)
How to remove: Use HijackThis + Use Malwarebytes Antimalware
Posted in AppInit DLLs, O20, O21, O22, O4, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad, Trojan