Archive for the 'Run' Category
Tuesday, November 17th, 2009
WinESuite.exe is a harmful program.
Name: WinESuite
Filename: WinESuite.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WES
Command: C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WES] "C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe" /s
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WES"=C:\Documents and Settings\All Users\Application Data\1817442\WinESuite.exe /s
Description: component of Enterprise Suite. Enterprise Suite is a rogue antispyware program.
How to remove: use these Enterprise Suite removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Tuesday, November 17th, 2009
freddy74.exe is a harmful program.
Name: freddy74
Filename: freddy74.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray
Command: C:\windows\freddy74.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy74.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy74.exe
Description: part of Koobface worm
How to remove: use HijackThis + Malwarebytes' Anti-Malware
Posted in O4, Run, Worm | No Comments »
Tuesday, November 17th, 2009
wow64main.exe is a harmful program.
Name: wow64main
Filename: wow64main.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | wow64main.exe
Command: %Temp%\wow64main.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [wow64main.exe] %Temp%\wow64main.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wow64main.exe"=%Temp%\wow64main.exe [2009-10-25 1146880]
Description: trojan that installed with rogue antispyware programs
How to remove: use HijackThis + Malwarebytes' Anti-Malware
Posted in O4, Run, Trojan | No Comments »
Tuesday, November 17th, 2009
personalprotector.exe is a harmful program.
Name: personalprotector
Filename: personalprotector.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | personalprotector
Command: C:\Program Files\Personal Protector\personalprotector.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [personalprotector] C:\Program Files\Personal Protector\personalprotector.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"personalprotector"=C:\Program Files\Personal Protector\personalprotector.exe [2009-11-17 1012736]
Description: core part of Personal Protector. Personal Protector is a rogue antispyware program.
How to remove: use these Personal Protector removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Monday, November 16th, 2009
LinkSafeness.exe is a harmful program.
Name: LinkSafeness
Filename: LinkSafeness.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | LinkSafeness
Command: C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [LinkSafeness] C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LinkSafeness"=C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe [2009-11-17 1634304]
Description: core file of LinkSafeness. LinkSafeness is a fake security program also known as rogue antispyware.
How to remove: use these LinkSafeness removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Wednesday, November 11th, 2009
AntiAID.exe is a harmful program.
Name: AntiAID
Filename: AntiAID.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiAID
Command: C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AntiAID] C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe -min
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiAID"=C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe [2009-11-12 1634304]
Description: core part of AntiAID. AntiAID is a rogue antispyware program from WiniGuard scareware family.
How to remove: use these AntiAID removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Wednesday, November 11th, 2009
mstre22.exe is a harmful program.
Name: mstre22
Filename: mstre22.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SySmstray
Command: C:\Windows\mstre22.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [SySmstray] C:\Windows\mstre22.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SySmstray"=C:\Windows\mstre22.exe
Description: part of Koobface worm
How to remove: use HijackThis + Malwarebytes' Anti-Malware
Posted in O4, Run, Worm | No Comments »
Tuesday, November 10th, 2009
SystemWarrior.exe is a harmful program.
Name: SystemWarrior
Filename: SystemWarrior.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SystemWarrior
Command: C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [SystemWarrior] "C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe" -min
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemWarrior"=C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe [2009-11-11 742400]
Description: core part of SystemWarrior. SystemWarrior is a rogue antispyware program.
How to remove: use these SystemWarrior removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Tuesday, November 10th, 2009
antimalware.exe is a harmful program.
Name: antimalware
Filename: antimalware.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiMalware
Command: C:\Program Files\AntiMalware\antimalware.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [AntiMalware] "C:\Program Files\AntiMalware\antimalware.exe" -noscan
Combofix/RSIT Line:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiMalware"=C:\Program Files\AntiMalware\antimalware.exe [2009-11-10 1572864]
Description: core component of AntiMalware. AntiMalware is a rogue antispyware program.
How to remove: use these AntiMalware removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »
Sunday, November 8th, 2009
SystemFighter.exe is a harmful program.
Name: SystemFighter
Filename: SystemFighter.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SystemFighter
Command: C:\Program Files\SystemFighter Software\SystemFighter\SystemFighter.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [SystemFighter] "C:\Program Files\SystemFighter Software\SystemFighter\SystemFighter.exe" -min
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemFighter"=C:\Program Files\SystemFighter Software\SystemFighter\SystemFighter.exe [2009-11-09 784896]
Description: core component of SystemFighter. SystemFighter is a rogue antispyware program.
How to remove: use these SystemFighter removal instructions.
Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »