Archive for the 'File associations' Category

What is vz.exe, How to remove vz.exe

Monday, November 22nd, 2010

vz.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vz
Filename: vz.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\vz.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Command: %Appdata%\vz.exe
Startup Type: File associations
Description: main executable file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All programs are rogue antispyware.

How to remove: use these vz.exe removal instructions.

What is pw.exe, How to remove pw.exe

Thursday, November 18th, 2010

pw.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pw
Filename: pw.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Command: %Appdata%\pw.exe
Startup Type: File associations
Description: main file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard Vista Guard, Win 7 Guard. All programs are rogue antispyware.

How to remove: use these pw.exe removal instructions.

What is wmsdk64_32.exe, How to remove wmsdk64_32.exe

Tuesday, August 3rd, 2010

wmsdk64_32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wmsdk64_32
Filename: wmsdk64_32.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\wmsdk64_32.EXE\” /START \”%1\” %*”

Command: %Temp%\wmsdk64_32.exe
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\comp\LOCALS~1\Temp\wmsdk64_32.exe” /START “%1″ %*

Description: trojan FakeAlert that uses to install Antivirus (rogue antispyware)

How to remove: use the Antivirus removal guide or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

What is MSDERUN.EXE, How to remove MSDERUN.EXE

Saturday, July 17th, 2010

MSDERUN.EXE is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MSDERUN
Filename: MSDERUN.EXE
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\MSDERUN.EXE\” /START \”%1\” %*”

Command: %Temp%\MSDERUN.EXE
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\comp\LOCALS~1\Temp\MSDERUN.EXE” /START “%1″ %*

Description: trojan FakeAlert that uses to install Defense Center (rogue antispyware)

How to remove: use the Defense center removal guide or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

What is autmgr32.exe, How to remove autmgr32.exe

Monday, June 28th, 2010

autmgr32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: autmgr32
Filename: autmgr32.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\autmgr32.exe\” /START \”%1\” %*”

Command: %Temp%\autmgr32.exe
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\comp\LOCALS~1\Temp\autmgr32.exe” /START “%1″ %*

Description: autmgr32.exe (located in Temp folder) is a trojan FakeAlert that uses to install Defense Center (rogue antispyware). Legitimate autmgr32.exe located in C:\WINDOWS\system32\ folder.

How to remove: use the defcnt.exe, autmgr32.exe, wscsvc32.exe malware removal instructions or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

What is esentutl64.exe, How to remove esentutl64.exe

Saturday, June 12th, 2010

esentutl64.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: esentutl64
Filename: esentutl64.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\esentutl64.exe\” /START \”%1\” %*”

Command: %Temp%\esentutl64.exe
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\comp\LOCALS~1\Temp\esentutl64.exe” /START “%1” %*

Description: trojan FakeAlert that installed with Defense Center. Defense Center is a rogue (fake) antispyware program.

How to remove: use these Defense Center removal instructions or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.

2. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Defense Center”=-

:files
C:\Program Files\Defense Center

Click the red Moveit! button. Close OTM.

3. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

4. Download Malwarebytes Anti-malware. Install and perform a scan and let it remove what it found. Reboot afterwards (important).

What is mscdexnt.exe, How to remove mscdexnt.exe

Tuesday, June 1st, 2010

mscdexnt.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mscdexnt
Filename: mscdexnt.exe
Registry key:

HKEY_CLASSES_ROOT\exefile\shell\open\command | @=”\”C:\DOCUME~1\user\LOCALS~1\Temp\mscdexnt.exe\” /START \”%1\” %*”

Command: %Temp%\mscdexnt.exe
Startup Type: File associations
Combofix/RSIT Line:

.exe – open – “C:\DOCUME~1\user\LOCALS~1\Temp\mscdexnt.exe” /START “%1” %*

Description: trojan FakeAlert that installed with Protection Center. Protection Center is a rogue (fake) antispyware program.

How to remove: use these Protection Center removal instructions or the steps below.

1. Download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm. Reboot your computer.

2. Download TDSSKiller from here and unzip to your desktop. Open tdsskiller folder and right click to TDSSKiller, select Rename. Type something like 123myname and press Enter. Double click it and follow the prompts.

3. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Protection Center”=-

:files
C:\Program Files\Protection Center

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install and perform a scan.

Win Antispyware Center – av.exe

Sunday, May 23rd, 2010

av.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Win Antispyware Center
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Win Antispyware Center
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Win Antispyware Center

Command: command
Startup Type: HKLM->Run, HKCU->Run, File associations
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe
O4 – HKCU\..\Run: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe

DDS Line:

mRun: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe
uRun: [Win Antispyware Center] C:\Program Files\WinAntispywareCenter\av.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Win Antispyware Center”=C:\Program Files\WinAntispywareCenter\av.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Win Antispyware Center”=C:\Program Files\WinAntispywareCenter\av.exe

Description: core component of Win Antispyware Center. Win Antispyware Center is a rogue antispyware program.

How to remove: use these Win Antispyware Center removal instructions or the steps below.
1. Download fix1.zip from here, unzip it. Right click fix.inf and select Install.

2. Download OTM by OldTimer from here and save to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Win Antispyware Center”=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Win Antispyware Center”=-

:files
C:\Program Files\WinAntispywareCenter

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install and perform a scan.

ave.exe – Total Vista Security, Vista Security Tool 2010

Tuesday, March 16th, 2010

ave.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ave
Filename: ave.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile

Command: %Appdata%\ave.exe
Startup Type: File associations
Description: core component of Total Vista Security (Vista Security Tool 2010). Total Vista Security (Vista Security Tool 2010) is a rogue antispyware program.

How to remove: use these ave.exe removal instructions.

XP AntiSpyware 2010, XP Antivirus Pro 2010 – av.exe

Tuesday, February 23rd, 2010

av.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\secfile
HKEY_CLASSES_ROOT\.exe\shell\open\command

Command: %Appdata%\av.exe
Description: core component of XP AntiSpyware 2010, XP Antivirus Pro 2010. XP AntiSpyware 2010, XP Antivirus Pro 2010 – names of one program, that is a rogue antispyware application.

How to remove: use these XP AntiSpyware 2010, XP Antivirus Pro 2010 removal instructions.