Archive for the 'Malware' Category
Sunday, May 31st, 2009
This is a harmful program.
Name: PrestoTuneUp
Filename: PrestoTuneUp.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Presto TuneUp
Command: C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [Presto TuneUp] "C:\Documents and Settings\All Users\Application Data\b1529a0\PrestoTuneUp.exe" /s /d
Description: Presto TuneUp is a scareware program that displays false system errors to trick you into buying the software.
How to remove: Use Malwarebytes Anti-Malware
Posted in Malware, O4, Run
Friday, March 13th, 2009
This is a harmful program.
Name: diarprof
Filename: diarprof.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [bo0pRSZ3e] diarprof.exe
Description: Unknown malware component
How to remove: Use HijackThis
Posted in Malware, O4, Run
Friday, March 13th, 2009
This is a harmful program.
Name: distus40
Filename: distus40.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [qFrf32V] distus40.exe
Description: Unknown malware component
How to remove: Use HijackThis
Posted in Malware, O4, Run
Saturday, February 28th, 2009
This is a harmful program.
Name: xivop
Filename: xivop.exe
Command: C:\WINDOWS\xivop.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [xivop] C:\WINDOWS\xivop.exe
Description: Component of unknown malware
How to remove: Use HijackThis
Posted in Malware, O4, Run
Saturday, February 28th, 2009
This is a harmful program.
Name: qwbqgkxr
Filename: qwbqgkxr.exe
Command: C:\WINDOWS\qwbqgkxr.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [MaG78PfJs] C:\WINDOWS\qwbqgkxr.exe
Description: Component of unknown malware
How to remove: Use HijackThis
Posted in Malware, O4, Run
Saturday, February 28th, 2009
This is a harmful program.
CLSID: {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
Combofix/RSIT Line:
Description: Part of SPYW_IMISERV.C
How to remove: Use HijackThis
Posted in BHO, Malware, O2
Sunday, February 8th, 2009
This is a harmful program.
Name: wjfvju
Startup Type: SvcHost
Combofix/RSIT Line:
R4 wjfvju;wjfvju;c:\windows\system32\SVCHOST.EXE -k wjfvju [2004-08-18 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wjfvju REG_MULTI_SZ wjfvju
Description: Unknown malware component
Posted in Malware, SvcHost
Sunday, February 8th, 2009
This is a harmful program.
Name: WinHelp3x
Filename: WinHelp3x.exe
Command: c:\windows\system32\WinHelp3x.exe
Startup Type: Service
Combofix/RSIT Line:
R4 WinHelp3x;Windows Help System;c:\windows\system32\WinHelp3x.exe [2009-01-16 15910]
Description: Unknown trojan component
Posted in Malware, Service
Monday, February 2nd, 2009
This is a harmful program.
Name: WinHelp31
Filename: WinHelp31.exe
Command: c:\windows\system32\WinHelp31.exe
Startup Type: Service
Combofix/RSIT Line:
R4 WinHelp31;Windows Help System1;c:\windows\system32\WinHelp31.exe [2009-01-16 41217]
Description: Unknown malware
Posted in Malware, Service
Monday, February 2nd, 2009
This is a harmful program.
Name: SafeTest
Filename: SafeTest.exe
Registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SafeTest"="c:\windows\system32\SafeTest.exe" [2009-01-16 69484]
Command: c:\windows\system32\SafeTest.exe
Startup Type: HKLM->Run
HijackThis Category: O4
Description: Unknown malware
Posted in Malware, O4, Run