HT Logs. Tips, FAQs, Analyze.

REAnti.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: REAnti
Filename: REAnti.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | REAnti.exe

Command: C:\Program Files\REAnti Software\REAnti\REAnti.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

DDS Line:

uRun: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“REAnti.exe”=C:\Program Files\REAnti Software\REAnti\REAnti.exe [2009-11-27 1638400]

Description: core component of REAnti. REAnti is a rogue antispyware program

How to remove: use these REAnti removal instructions.

KeepCop.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: KeepCop
Filename: KeepCop.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | KeepCop

Command: C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe -min

DDS Line:

uRun: [KeepCop] C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“KeepCop”=C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe

Description: core component of KeepCop. KeepCop is a rogue antispyware program.

How to remove: use these KeepCop removal instructions.

alpha.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: alpha
Filename: alpha.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AAntivirus

Command: C:\Program Files\AAntivirus\alpha.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

DDS Line:

uRun: [AAntivirus] C:\Program Files\AAntivirus\alpha.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AAntivirus”=C:\Program Files\AAntivirus\alpha.exe

Description: core component of Alpha Antivirus. Alpha Antivirus is a rogue antispyware program.

How to remove: use these Alpha Antivirus removal instructions.

vec.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: vec
Filename: vec.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mxcll

Command: C:\Documents and Settings\All Users\Application Data\eca\vec.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [mxcll] C:\Documents and Settings\All Users\Application Data\eca\vec.exe

DDS Line:

mRun: [mxcll] C:\Documents and Settings\All Users\Application Data\eca\vec.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“mxcll”=C:\Documents and Settings\All Users\Application Data\eca\vec.exe

Description: core component of Eco AntiVirus 2010. Eco AntiVirus 2010 is a rogue antispyware program.

How to remove: use these Eco AntiVirus 2010 removal instructions.

mstre24.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mstre24
Filename: mstre24.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray

Command: C:\windows\mstre24.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [SySmstray] C:\windows\mstre24.exe

DDS Line:

mRun: [SySmstray] c:\windows\mstre24.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SySmstray”=c:\windows\mstre24.exe

Description: component of Koobface worm

How to remove: use HijackThis + Malwarebytes` Anti-malware

winupdate86.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winupdate86
Filename: winupdate86.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | winupdate86.exe

Command: C:\WINDOWS\system32\winupdate86.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“winupdate86.exe”=C:\WINDOWS\system32\winupdate86.exe

Description: trojan agent that installed with winhelper86.dll, winlogon86.exe trojans and Advanced Virus Remover (rogue antispyware program) and shows fake spyware alerts

How to remove: use these winhelper86.dll, winupdate86.exe, winlogon86.exe removal instructions.

AVR.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AVR
Filename: AVR.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Advanced Virus Remover

Command: C:\Program Files\AdvancedVirusRemover\AVR.exe
CLSID: clsid
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Advanced Virus Remover”=C:\Program Files\AdvancedVirusRemover\AVR.exe

Description: core part of Advanced Virus Remover. Advanced Virus Remover is a rogue anti-spyware program.

How to remove: use these Advanced Virus Remover removal instructions.

freddy75.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy75
Filename: freddy75.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy75.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sysfbtray] C:\windows\freddy75.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sysfbtray”=C:\windows\freddy75.exe

Description: component of Koobface worm.

How to remove: use these Koobface removal instructions.

AntiVirus Plus.1.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiVirus Plus.1
Filename: AntiVirus Plus.1.dll
Registry key:

Command: %UserProfile%\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
CLSID: {C2B5AAB8-2183-4be7-81A6-F11493C45872}
Startup Type:
HijackThis Category:
HijackThis Line:

O2 – BHO: Antivirus Plus BHO – {C2B5AAB8-2183-4be7-81A6-F11493C45872} – C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll
O4 – HKLM\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1
O4 – HKCU\..\Run: [AntiVirus Plus] “C:\WINDOWS\system32\rundll32.exe” “C:\Documents and Settings\comp\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll”, start 1

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
Antivirus Plus BHO – C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiVirus Plus”=C:\Documents and Settings\user\Application Data\AntiVirus Plus\AntiVirus Plus.1.dll [2009-11-19 2453504]

Description: component of AntiVirus Plus. AntiVirus Plus is a rogue antispyware program.

How to remove: use these AntiVirus Plus removal instructions.

SecureKeeper.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SecureKeeper
Filename: SecureKeeper.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SecureKeeper

Command: C:\Program Files\SecureKeeper Software\SecureKeeper\SecureKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SecureKeeper] C:\Program Files\SecureKeeper Software\SecureKeeper\SecureKeeper.exe -min

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SecureKeeper”=C:\Program Files\SecureKeeper Software\SecureKeeper\SecureKeeper.exe -min

Description: core part of SecureKeeper. SecureKeeper is a rogue antispyware program.

How to remove: use these SecureKeeper removal instructions.