Archive for the 'Run' Category

What is SecurePcAv.exe, How to remove SecurePcAv.exe

Tuesday, February 9th, 2010

SecurePcAv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SecurePcAv
Filename: SecurePcAv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecurePcAv

Command: C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe -min

DDS Line:

uRun: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurePcAv"=C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe

Description: core component of SecurePcAv. SecurePcAv is a rogue antispyware program.

How to remove: use these SecurePcAv removal instructions.

What is advanceddefender.exe, How to remove advanceddefender.exe

Tuesday, February 9th, 2010

advanceddefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: advanceddefender
Filename: advanceddefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | advanceddefender

Command: C:\Program Files\Advanced Defender\advanceddefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

DDS Line:

mRun: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"advanceddefender"=C:\Program Files\Advanced Defender\advanceddefender.exe

Description: core component of Advanced Defender. Advanced Defender is a rogue antispyware program.

How to remove: use these Advanced Defender removal instructions.

What is pav.exe, How to remove pav.exe

Monday, February 8th, 2010

pav.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pav
Filename: pav.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Paladin Antivirus

Command: C:\Program Files\Paladin Antivirus\pav.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

DDS Line:

uRun: [Paladin Antivirus] "C:\Program Files\Paladin Antivirus\pav.exe" -noscan

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Paladin Antivirus"=C:\Program Files\Paladin Antivirus\pav.exe

Description: core component of Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is freddy84.exe, How to remove freddy84.exe

Sunday, February 7th, 2010

freddy84.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy84
Filename: freddy84.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy84.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy84.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy84.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy84.exe

Description: part of koobface worm

How to remove: use these koobface removal instructions.

What is SafePcAv.exe, How to remove SafePcAv.exe

Friday, February 5th, 2010

SafePcAv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: SafePcAv
Filename: SafePcAv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SafePcAv

Command: C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [SafePcAv] C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe -min

DDS Line:

uRun: [SafePcAv] C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SafePcAv"=C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe

Description: core part of SafePcAv. SafePcAv is a rogue antispyware program.

How to remove: use these SafePcAv removal instructions.

What is adgamma.exe, How to remove adgamma.exe

Wednesday, February 3rd, 2010

adgamma.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: adgamma
Filename: adgamma.exe
Registry key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Adobe Loader

Command: C:\Program Files\adgamma.exe
Startup Type: HKUS->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKUS\S-1-5-18\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'Default user')

Combofix/RSIT Line:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Loader"="c:\program files\adgamma.exe" [2010-02-02 39936]

Description: trojan-downloader that installed with Your PC Protector. Your PC Protector is a rogue antispyware program.

How to remove: use these Your PC Protector removal instructions.

What is GuardWWW.exe, How to remove GuardWWW.exe

Wednesday, February 3rd, 2010

GuardWWW.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: GuardWWW
Filename: GuardWWW.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | GuardWWW

Command: C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min

DDS Line:

uRun: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GuardWWW"=C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe

Description: core component of GuardWWW. GuardWWW is a rogue antispyware program.

How to remove: use these GuardWWW removal instructions.

Antivirus Soft – [random]sysguard.exe

Saturday, January 30th, 2010

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: [random]sysguard
Filename: [random]sysguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | [random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | [random]

Command: %UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
O4 - HKCU\..\Run: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

DDS Line:

mRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
uRun: [random] C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"[random]"=C:\Documents and Settings\user\Local Settings\Application Data\[random]\[random]sysguard.exe

Description: core part of Antivirus Soft. Antivirus Soft is a rogue antispyware program.

How to remove: use these Antivirus Soft removal instructions.

What is extrac64_cab.exe, How to remove extrac64_cab.exe

Saturday, January 30th, 2010

extrac64_cab.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: extrac64_cab
Filename: extrac64_cab.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | extrac64_cab.exe

Command: %UserProfile%\temp\extrac64_cab.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\user\LOCALS~1\Temp\extrac64_cab.exe

DDS Line:

uRun: [extrac64_cab.exe] c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"extrac64_cab.exe"=c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Description: new variant of the cls_pack.exe trojan. It is also known as HeurEngine.MaliciousPacker [PCTools], Packed.Generic.277 [Symantec], Trojan-Downloader.Win32.FraudLoad.wxry [Kaspersky Lab], Mal/Generic-A [Sophos], Trojan-Downloader.Win32.FraudLoad [Ikarus].

How to remove: use these extrac64_cab.exe removal instructions.

What is MyPcSecure.exe, How to remove MyPcSecure.exe

Saturday, January 30th, 2010

MyPcSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure

Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

DDS Line:

uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyPcSecure"=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.

How to remove: use these MyPcSecure removal instructions.