Archive for the 'Microsoft active setup' Category

What is dfmcd21.dll, How to remove dfmcd21.dll

Monday, July 26th, 2010

dfmcd21.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dfmcd21
Filename: dfmcd21.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}

Command: C:\WINDOWS\system32\dfmcd21.dll
CLSID: {0098EFCC-12D6-4B0C-B566-E133F6B4941B}, {77D30FCF-771E-4EF4-9DCD-69056CA0B517}
Startup Type: BHO, Microsoft active setup
HijackThis Category: O2
HijackThis Line:

O2 - BHO: - {0098EFCC-12D6-4B0C-B566-E133F6B4941B} - C:\WINDOWS\system32\dfmcd21.dll

DDS Line:

BHO: : {0098EFCC-12D6-4B0C-B566-E133F6B4941B} - C:\WINDOWS\system32\dfmcd21.dll
mASetup: {77D30FCF-771E-4EF4-9DCD-69056CA0B517} - C:\WINDOWS\system32\dfmcd21.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll

Description: malware

How to remove: use the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]

:files
%WinDir%\system32\dfmcd21.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine, choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is microsft.exe, How to remove microsft.exe

Friday, March 5th, 2010

microsft.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: microsft
Filename: microsft.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}

Command: %Program Files%\whyu\microsft.exe
CLSID: {C77088EB-52B1-173B-F6D5-36B5619926BD}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {C77088EB-52B1-173B-F6D5-36B5619926BD} - C:\Program Files\whyu\microsft.exe s

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}]
C:\Program Files\whyu\microsft.exe s

Description: malware also known as Mal/VB-Z [Sophos]

How to remove: Registry editor + Kaspersky virus removal tool

What is incognito.exe, How to remove incognito.exe

Thursday, January 28th, 2010

incognito.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: incognito
Filename: incognito.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}

Command: c:\windows\system32\incognito.exe
CLSID: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB} - c:\windows\system32\incognito.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}]
c:\windows\system32\incognito.exe

Description: trojan also known as Trojan.Win32.Buzus.dahy [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use Kaspersky virus removal tool or Windows Registry editor

What is wivrs.exe, How to remove wivrs.exe

Sunday, December 27th, 2009

wivrs.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wivrs
Filename: wivrs.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}

Command: c:\windows\system32\wivrs.exe
CLSID: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5} - c:\windows\system32\wivrs.exe

Combofix:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43fF72BA-F2h9-13F1-bFbf-eaKfF836gFl5}]
c:\windows\system32\wivrs.exe

Description: trojan

How to remove: use Windows registry editor (regedit) + Malwarebytes' Anti-malware