Archive for the 'Winlogon\Shell' Category

What is lgou.rlo, How to remove lgou.rlo

Friday, April 2nd, 2010

lgou.rlo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lgou
Filename: lgou.rlo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe lgou.rlo nhemkk
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe lgou.rlo nhemkk

Description: component of Bredolab trojan, also known as Trojan-Downloader.Win32.Agent.dkld [Kaspersky Lab], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is nnfj.tqo, How to remove nnfj.tqo

Tuesday, March 23rd, 2010

nnfj.tqo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nnfj
Filename: nnfj.tqo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nnfj.tqo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe nnfj.tqo nhemkk

Description: trojan also known as Trojan.Win32.Sasfis.ajil [Kaspersky Lab], SpyAgent-br.dll [McAfee], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft], Win-Trojan/Xema.variant [AhnLab]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is nynw.wmo, How to remove nynw.wmo

Thursday, March 4th, 2010

nynw.wmo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nynw
Filename: nynw.wmo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command:Explorer.exe rundll32.exe nynw.wmo mynleeq
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=”Explorer.exe rundll32.exe nynw.wmo mynleeq”

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

What is ccmain.exe, How to remove ccmain.exe

Saturday, February 13th, 2010

ccmain.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ccmain
Filename: ccmain.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %UserProfile%\Application Data\Control-Center\ccagent.exe
Startup Type: Winlogon\Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: %UserProfile%\Application Data\Control-Center\ccagent.exe

Description: core component of Control Center. Control Center isa fake Windows optimization program.

How to remove: use these Control Center removal instructions.

What is cc.exe, How to remove cc.exe

Monday, November 16th, 2009

cc.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cc
Filename: cc.exe
Registry key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: %UserProfile%\Application Data\CC\cc.exe
Startup Type: Winlogon\Shell
MalwareBytes Anti-malware shows this infection:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\user\Application Data\CC\cc.exe) Good: (Explorer.exe)

Description: part of Control Center. Control Center is a fake Windows optimization application.

How to remove: use these Control Center removal instructions.