Archive for the 'Run' Category

What is TOY5KNQ8OC, How to remove TOY5KNQ8OC

Friday, March 5th, 2010

TOY5KNQ8OC is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: TOY5KNQ8OC
Filename: [random 3 characters].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TOY5KNQ8OC

Command: %UserProfile%\LOCALS~1\Temp\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

DDS Line:

uRun: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is syre32.exe, How to remove syre32.exe

Thursday, March 4th, 2010

syre32.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: syre32
Filename: syre32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | syre32

Command: C:\WINDOWS\system32\syre32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [syre32] C:\WINDOWS\system32\syre32.exe

DDS Line:

mRun: [syre32] C:\WINDOWS\system32\syre32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"syre32"=C:\WINDOWS\system32\syre32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is cleansweep.exe, How to remove cleansweep.exe

Thursday, March 4th, 2010

cleansweep.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cleansweep
Filename: cleansweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cleansweep.exe

Command: C:\cleansweep.exe\cleansweep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

DDS Line:

uRun: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cleansweep.exe"=C:\cleansweep.exe\cleansweep.exe

Description: trojan, also known as Trojan.Spyeye [PCTools], Trojan.Spyeye [Symantec], Trojan-Spy.Win32.SpyEyes.h [Kaspersky Lab], BackDoor-Spyeye [McAfee], Mal/Spyeye-A [Sophos], Trojan:Win32/Spyeye.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is drguard.exe, How to remove drguard.exe

Sunday, February 28th, 2010

drguard.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drguard
Filename: drguard.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Dr. Guard

Command: C:\Program Files\Dr. Guard\drguard.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Dr. Guard] "C:\Program Files\Dr. Guard\drguard.exe" -noscan

DDS Line:

uRun: [Dr. Guard] C:\Program Files\Dr. Guard\drguard.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dr. Guard"=C:\Program Files\Dr. Guard\drguard.exe

Description: core component of Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

What is asr64_ldm.exe, How to remove asr64_ldm.exe

Sunday, February 28th, 2010

asr64_ldm.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: asr64_ldm
Filename: asr64_ldm.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | asr64_ldm.exe

Command: %UserProfile%\LOCALS~1\Temp\asr64_ldm.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [asr64_ldm.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\asr64_ldm.exe

DDS Line:

uRun: [asr64_ldm.exe] C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"asr64_ldm.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\asr64_ldm.exe

Description: FakeAlert trojan that is installed with Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions.

What is msdtctr.exe, How to remove msdtctr.exe

Thursday, February 25th, 2010

msdtctr.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdtctr
Filename: msdtctr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | msdtctr.exe

Command: %UserProfile%\LOCALS~1\Temp\msdtctr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

DDS Line:

uRun: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msdtctr.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Description: FakeAlert trojan that, once started, will download and install Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is jjdrive32.exe, How to remove jjdrive32.exe

Tuesday, February 23rd, 2010

jjdrive32.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jjdrive32
Filename: jjdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Update Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Update Setup

Command: %Windir%\jjdrive32.exe
Startup Type: HKLM->Run, HKLM->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe
O4 - HKLM\..\policies\Explorer\Run: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

DDS Line:

mRun: [Microsoft Update Setup] C:\Windows\jjdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Setup"=C:\Windows\jjdrive32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Update Setup"=C:\Windows\jjdrive32.exe

Description: worm also known as Net-Worm.Spybot [PCTools], W32.Spybot.Worm [Symantec], Net-Worm.Win32.Kolab.fem [Kaspersky Lab], W32/Kolab [McAfee], Mal/Generic-A [Sophos], Worm:Win32/Pushbot.OF [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

Virus Protector – [RANDOM].exe

Saturday, February 20th, 2010

Virus Protector is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: [RANDOM]
Filename: [RANDOM].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Virus Protector

Command: [Path]\[RANDOM].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Virus Protector] [Path]\[RANDOM].exe

DDS Line:

uRun: [Virus Protector] [Path]\[RANDOM].exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Virus Protector"=[Path]\[RANDOM].exe

Description: component of Virus Protector. Virus Protector is a rogue antispyware program.

How to remove: use these Virus Protector removal instructions.

What is Antimalware Doctor.exe, How to remove Antimalware Doctor.exe

Saturday, February 20th, 2010

Antimalware Doctor.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antimalware Doctor
Filename: Antimalware Doctor.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Antimalware Doctor.exe

Command: C:\Windows\System32\Antimalware Doctor.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe

DDS Line:

uRun: [Antimalware Doctor.exe] C:\Windows\System32\Antimalware Doctor.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antimalware Doctor.exe"=C:\Windows\System32\Antimalware Doctor.exe

Description: core component of Antimalware Doctor. Antimalware Doctor is a rogue antispyware program.

How to remove: use these Antimalware Doctor removal instructions.

What is eventcreatexp.exe, How to remove eventcreatexp.exe

Friday, February 19th, 2010

eventcreatexp.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eventcreatexp
Filename: eventcreatexp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | eventcreatexp.exe

Command: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

DDS Line:

uRun: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eventcreatexp.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

Description: FakeAlert trojan that is installed with Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.