Archive for the 'Policies\Explorer\Run' Category

What is tskmgr.exe, How to remove tskmgr.exe

Tuesday, September 28th, 2010

tskmgr.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: tskmgr
Filename: tskmgr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | waults

Command: %AppData%\tskmgr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Policies\Explorer\Run: [waults] C:\Documents and Settings\Username\Application Data\tskmgr.exe

Description: a trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is l84alx.exe, How to remove l84alx.exe

Sunday, July 25th, 2010

l84alx.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: l84alx
Filename: l84alx.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | tcyz46

Command: %Temp%\l84alx.exe
Startup Type: HKLM->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“tcyz46″=C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe

Description: trojan also known as Trojan.Gen [PCTools], Trojan.Gen [Symantec], Backdoor.Win32.VB.lvn [Kaspersky Lab], Mal/VB-CF [Sophos], Trojan:Win32/Neop [Microsoft], Backdoor.Win32.VB [Ikarus]

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

What is jjdrive32.exe, How to remove jjdrive32.exe

Tuesday, February 23rd, 2010

jjdrive32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jjdrive32
Filename: jjdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Update Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Update Setup

Command: %Windir%\jjdrive32.exe
Startup Type: HKLM->Run, HKLM->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

DDS Line:

mRun: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Update Setup”=C:\Windows\jjdrive32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Update Setup”=C:\Windows\jjdrive32.exe

Description: worm also known as Net-Worm.Spybot [PCTools], W32.Spybot.Worm [Symantec], Net-Worm.Win32.Kolab.fem [Kaspersky Lab], W32/Kolab [McAfee], Mal/Generic-A [Sophos], Worm:Win32/Pushbot.OF [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is spoo1sv.exe, How to remove spoo1sv.exe

Sunday, February 21st, 2010

spoo1sv.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: spoo1sv
Filename: spoo1sv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | spoo1sv

Startup Type:HKCU->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Policies\Explorer\Run: [spoo1sv] spoo1sv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“spoo1sv”=spoo1sv.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is msdrv32.exe, How to remove msdrv32.exe

Saturday, January 23rd, 2010

msdrv32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdrv32
Filename: msdrv32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: %WinDir%\msdrv32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\msdrv32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\msdrv32.exe

Description: worm also known as Worm:Win32/Pushbot.gen [Microsoft], Backdoor.Win32.IRCBot.gen [Kaspersky Lab], Exploit-DcomRpc.gen [McAfee], Mal/Behav-134, Mal/IRCBot-B [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

What is ccdrive32.exe, How to remove ccdrive32.exe

Monday, December 7th, 2009

ccdrive32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ccdrive32
Filename: ccdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

Command: C:\Windows\ccdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\ccdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\ccdrive32.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\ccdrive32.exe

Description: trojan also known as Trojan.Win32.Buzus.crty [Kaspersky Lab], Worm:Win32/Pushbot.gen [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is wind7upd.exe, How to remove wind7upd.exe

Tuesday, December 1st, 2009

wind7upd.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wind7upd
Filename: wind7upd.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup

Command: C:\Windows\wind7upd.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4:HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
O4:HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe

Description: trojan downloader

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is servises.Exe, How to remove servises.Exe

Saturday, October 24th, 2009

servises.Exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: servises
Filename: servises.Exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | servises
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | servises

Command: C:\Windows\system32\servises.Exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKLM\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe
O4 – HKCU\..\Policies\Explorer\Run: [servises] C:\Windows\system32\servises.Exe

Description: trojan that installed with Antivirus System Pro (rogue antispyware program)

How to remove: use these Antivirus System Pro removal instructions.

avdrive32.exe is Win32.IRCBot worm

Monday, September 7th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: avdrive32
Filename: avdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup

Command: C:\WINDOWS\avdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\avdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
2009-09-03 21:19:12 —-RSH—- C:\WINDOWS\avdrive32.exe

Description: Win32.IRCBot worm also known as Backdoor.Win32.IRCBot.gen, Worm:Win32/Pushbot

How to remove: use Kaspersky virus removal tool.

waw32.exe is trojan-dropper [Worm.Palevo]

Thursday, August 27th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: waw32
Filename: waw32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup

Command: C:\WINDOWS\waw32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe
O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\waw32.exe [2009-08-20 84992]

Description: trojan-dropper, also known as Worm.Palevo

How to remove: use HijackThis + use Malwarebytes` Anti-malware