Archive for the 'Run' Category

What is YVIBBBHA8C, How to remove YVIBBBHA8C

Tuesday, April 6th, 2010

YVIBBBHA8C is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: YVIBBBHA8C
Filename: [random 3 characters].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | YVIBBBHA8C

Command: %Temp%\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

DDS Line:

uRun: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"YVIBBBHA8C"=C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

Description: a trojan that is also known as Downloader-CEW [McAfee], Mal/FakeAV-CX, Mal/FakeAV-CO [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is urpprot.exe, How to remove urpprot.exe

Friday, April 2nd, 2010

urpprot.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: urpprot
Filename: urpprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Your Protection

Command: C:\Program Files\Your Protection\urpprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Your Protection] "C:\Program Files\Your Protection\urpprot.exe" -noscan

DDS Line:

uRun: [Your Protection] C:\Program Files\Your Protection\urpprot.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Your Protection"=C:\Program Files\Your Protection\urpprot.exe

Description: core component of Your Protection. Your Protection is a rogue antispyware program.

How to remove: use these Your Protection removal instructions.

What is mplay32xe.exe, How to remove mplay32xe.exe

Friday, April 2nd, 2010

mplay32xe.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mplay32xe
Filename: mplay32xe.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | mplay32xe.exe

Command: %Temp%\mplay32xe.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [mplay32xe.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe

DDS Line:

uRun: [mplay32xe.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mplay32xe.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\mplay32xe.exe

Description: a FakeAlert trojan that is installed with Your Protection. Your Protection is a rogue antispyware program.

How to remove: use these Your Protection removal instructions.

What is fontviewxp.exe, How to remove fontviewxp.exe

Saturday, March 27th, 2010

fontviewxp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: fontviewxp
Filename: fontviewxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | fontviewxp.exe

Command: %Temp%\fontviewxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [fontviewxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

DDS Line:

uRun: [fontviewxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fontviewxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

Description: a FakeAlert trojan that shows a lot of fake security alerts and is installed with User Protection onto your computer. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

What is ccagent.exe, How to remove ccagent.exe

Friday, March 26th, 2010

ccagent.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ccagent
Filename: ccagent.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ccagent.exe

Command: C:\Documents and Settings\user\Application Data\Control Components\ccagent.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\user\Application Data\Control Components\ccagent.exe

DDS Line:

uRun: [ccagent.exe] C:\Documents and Settings\user\Application Data\Control Components\ccagent.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccagent.exe"=C:\Documents and Settings\user\Application Data\Control Components\ccagent.exe

Description: core component of Control Components (also known as Control Center). Control Components is a fake Windows optimization program.

How to remove: use these Control Components removal instructions.

What is bill105.exe, How to remove bill105.exe

Friday, March 26th, 2010

bill105.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: bill105
Filename: bill105.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: %Windir%\bill105.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\bill105.exe

DDS Line:

mRun: [sysfbtray] C:\windows\bill105.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\bill105.exe

Description: a component of the Koobface worm

How to remove: use these Koobface removal instructions.

Security Guard – SG[random].exe

Wednesday, March 24th, 2010

Security Guard – SG[random].exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SG[random]
Filename: SG[random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Guard

Command: C:\Documents and Settings\All Users\Application Data\17c1f\SGf9a.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Security Guard] "C:\Documents and Settings\All Users\Application Data\17c1f\SGf9a.exe" /s /d

DDS Line:

uRun: [Security Guard] C:\Documents and Settings\All Users\Application Data\17c1f\SGf9a.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Guard"=C:\Documents and Settings\All Users\Application Data\17c1f\SGf9a.exe

Description: core component of Security Guard. Security Guard is a rogue antispyware program.

How to remove: use these Security Guard removal instructions.

What is diskperfxp.exe, How to remove diskperfxp.exe

Sunday, March 21st, 2010

diskperfxp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: diskperfxp
Filename: diskperfxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | diskperfxp.exe

Command: %UserProfile%\LOCALS~1\Temp\diskperfxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

DDS Line:

uRun: [diskperfxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"diskperfxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\diskperfxp.exe

Description: a FakeAlert trojan that displays a lot of fake security alerts and downloads and installs User Protection onto your computer. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

What is WEK9EMDHI9, How to remove WEK9EMDHI9

Saturday, March 20th, 2010

WEK9EMDHI9 is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WEK9EMDHI9
Filename: [random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WEK9EMDHI9

Command: C:\WINDOWS\Bhihuc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

DDS Line:

uRun: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WEK9EMDHI9"=C:\WINDOWS\Bhihuc.exe [2010-03-15 40448]

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is usrprot.exe, How to remove usrprot.exe

Friday, March 19th, 2010

usrprot.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: usrprot
Filename: usrprot.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | User Protection

Command: C:\Program Files\User Protection\usrprot.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [User Protection] "C:\Program Files\User Protection\usrprot.exe" -noscan

DDS Line:

uRun: [User Protection] C:\Program Files\User Protection\usrprot.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"User Protection"=C:\Program Files\User Protection\usrprot.exe

Description: core component of User Protection. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.