Archive for the 'Malware' Category

What is Quick Defragmenter, How to remove Quick Defragmenter

Thursday, November 11th, 2010

Quick Defragmenter is a harmful program.

It is a malicious program. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Quick Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Quick Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Quick Defragmenter\Quick Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Quick Defragmenter\Uninstall Quick Defragmenter.lnk

Quick Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Quick Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Quick Defragmenter is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the Quick Defragmenter removal instructions.

What is HDD Defragmenter. How to remove HDD Defragmenter

Tuesday, November 2nd, 2010

HDD Defragmenter is a harmful program.

It is a malicious program. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Defragmenter.lnk
%UserProfile%\Start Menu\Programs\HDD Defragmenter\HDD Defragmenter.lnk
%UserProfile%\Start Menu\Programs\HDD Defragmenter\Uninstall HDD Defragmenter.lnk

HDD Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Defragmenter is a fake computer defragmenter and optimization tool that uses misleading tactics in order to trick you into purchasing its paid version.

How to remove: use the HDD Defragmenter removal instructions.

What is Smart Defragmenter, How to remove Smart Defragmenter

Sunday, October 31st, 2010

Smart Defragmenter is a harmful program.

It is a malicious program. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Smart Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Smart Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Smart Defragmenter\Smart Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Smart Defragmenter\Uninstall Smart Defragmenter.lnk

Smart Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Smart Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Smart Defragmenter is a fake computer defragmenter and optimization tool that uses misleading tactics in order to trick you into purchasing its paid version.

How to remove: use the Smart Defragmenter removal instructions.

What is dskclnwiz.dll, How to remove dskclnwiz.dll

Sunday, October 3rd, 2010

dskclnwiz.dll is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dskclnwiz
Filename: dskclnwiz.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Acronis Toolbar Helper
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Desktop Cleanup Wizard

Command: %AppData%\Desktop Cleanup Wizard\dskclnwiz.dll
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Acronis Toolbar Helper] rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt
O4 - HKCU\..\Run: [Desktop Cleanup Wizard] rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt

DDS Line:

mRun: [Acronis Toolbar Helper] rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt
uRun: [Desktop Cleanup Wizard] rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Toolbar Helper"=rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Cleanup Wizard"=rundll32.exe "C:\Documents and Settings\Username\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt

Description: FraudTool.Win32.DiskCleanup.c [Kaspersky Lab], Troj/DskClean-A [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Toolbar Helper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Cleanup Wizard"=-

:files
%AppData%\Desktop Cleanup Wizard\dskclnwiz.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is RegistryClever, How to remove RegistryClever

Wednesday, September 15th, 2010

RegistryClever is a harmful program.

It is a fake security tool. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

RegistryClever associated files:

C:\Program Files\RegistryClever Software
C:\Program Files\RegistryClever Software\RegistryClever
C:\Program Files\RegistryClever Software\RegistryClever\Styles
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever
C:\Documents and Settings\All Users\Application Data\RegistryClever
C:\Documents and Settings\All Users\Application Data\RegistryClever\BackupedItems
C:\Program Files\RegistryClever Software\RegistryClever\RegistryCleverTray.exe
C:\Program Files\RegistryClever Software\RegistryClever\license.txt
C:\Program Files\RegistryClever Software\RegistryClever\RegistryClever.exe
C:\Program Files\RegistryClever Software\RegistryClever\uninstall.exe
C:\Program Files\RegistryClever Software\RegistryClever\Styles\Vista.cjstyles
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\RegistryClever.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Uninstall.lnk
C:\Documents and Settings\All Users\Application Data\RegistryClever\BackupedItems\items.xml
C:\Documents and Settings\All Users\Desktop\RegistryClever.LNK

RegistryClever associated registry keys and values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
HKEY_CURRENT_USER\Software\RegistryClever
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trayscan

Core file: RegistryCleverTray.exe
Home folder: %ProgramFiles%\RegistryClever Software
Command: %ProgramFiles%\RegistryClever Software\RegistryClever\RegistryCleverTray.exe
HijackThis shows RegistryClever Line:

O4 - HKCU\..\Run: [TrayScan] "C:\Program Files\RegistryClever Software\RegistryClever\RegistryCleverTray.exe"

Description: fake Windows registry cleaner

How to remove: use the RegistryClever removal guide

What is mmduch.dll, How to remove mmduch.dll

Sunday, September 12th, 2010

mmduch.dll is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mmduch
Filename: mmduch.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | bipro

Command: %WinDir%\$NtUninstallMTF1011$\mmduch.dll
CLSID: {9429BB93-2DC8-4C12-83A6-91BF6B374D85}
Startup Type: BHO, HKLM->Run
HijackThis Category: O2, O4
HijackThis Line:

O2 - BHO: Sky-Banners Browser Enhancer mmduch - {9429BB93-2DC8-4C12-83A6-91BF6B374D85} - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
O4 - HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

DDS Line:

BHO: Sky-Banners Browser Enhancer mmduch: {9429BB93-2DC8-4C12-83A6-91BF6B374D85} - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
mRun: [bipro] "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]
Sky-Banners Browser Enhancer mmduch - C:\Windows\$NtUninstallMTF1011$\mmduch.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"="C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run

Description: component of Sky-Banners Browser Enhancer malware

How to remove: use HijackThis + Malwarebytes' Anti-Malware or the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9429BB93-2DC8-4C12-83A6-91BF6B374D85}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"bipro"=-

:files
%WinDir%\$NtUninstallMTF1011$\mmduch.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is dfmcd21.dll, How to remove dfmcd21.dll

Monday, July 26th, 2010

dfmcd21.dll is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: dfmcd21
Filename: dfmcd21.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}

Command: C:\WINDOWS\system32\dfmcd21.dll
CLSID: {0098EFCC-12D6-4B0C-B566-E133F6B4941B}, {77D30FCF-771E-4EF4-9DCD-69056CA0B517}
Startup Type: BHO, Microsoft active setup
HijackThis Category: O2
HijackThis Line:

O2 - BHO: - {0098EFCC-12D6-4B0C-B566-E133F6B4941B} - C:\WINDOWS\system32\dfmcd21.dll

DDS Line:

BHO: : {0098EFCC-12D6-4B0C-B566-E133F6B4941B} - C:\WINDOWS\system32\dfmcd21.dll
mASetup: {77D30FCF-771E-4EF4-9DCD-69056CA0B517} - C:\WINDOWS\system32\dfmcd21.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]
2010-07-14 07:39:17 51200 ----a-w- C:\WINDOWS\system32\dfmcd21.dll

Description: malware

How to remove: use the steps below.

1. Download OTM by OldTimer from here and save to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0098EFCC-12D6-4B0C-B566-E133F6B4941B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77D30FCF-771E-4EF4-9DCD-69056CA0B517}]

:files
%WinDir%\system32\dfmcd21.dll

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

2. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is drwat32.exe, How to remove drwat32.exe

Wednesday, May 19th, 2010

drwat32.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drwat32
Filename: drwat32.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Dr.Watson

Command: %WinDir%\system32\drwat32.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Policies\Explorer\Run: [Dr.Watson] C:\WINDOWS\system32\drwat32.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Dr.Watson"=C:\WINDOWS\system32\drwat32.exe

Description: malware

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is microsft.exe, How to remove microsft.exe

Friday, March 5th, 2010

microsft.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: microsft
Filename: microsft.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}

Command: %Program Files%\whyu\microsft.exe
CLSID: {C77088EB-52B1-173B-F6D5-36B5619926BD}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {C77088EB-52B1-173B-F6D5-36B5619926BD} - C:\Program Files\whyu\microsft.exe s

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}]
C:\Program Files\whyu\microsft.exe s

Description: malware also known as Mal/VB-Z [Sophos]

How to remove: Registry editor + Kaspersky virus removal tool

What is apocalyps32.exe, How to remove apocalyps32.exe

Saturday, January 9th, 2010

apocalyps32.exe is a harmful program.

It is a component of malware or spyware. You should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: apocalyps32
Filename: apocalyps32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | apocalyps32

Command: C:\Windows\apocalyps32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [apocalyps32] C:\Windows\apocalyps32.exe

DDS Line:

mRun: [apocalyps32] C:\Windows\apocalyps32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"apocalyps32"=C:\Windows\apocalyps32.exe

Description: malware also known as Mal/Behav-328, Mal/Dropper-G, Mal/Behav-053 [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool