Archive for the 'Threats' Category

« Previous Entries
Next Entries »

What is overlapp32.dll, How to remove overlapp32.dll

Friday, March 5th, 2010

overlapp32.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: overlapp32
Filename: overlapp32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck

Command: %Windir%\System32\overlapp32.dll
CLSID: {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: WebCheck – {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} – overlapp32.dll

DDS Line:

SSODL: WebCheck – {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} – overlapp32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck – {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} – overlapp32.dll

Description: trojan also known as Trojan-PSW.Generic [PCTools], Infostealer [Symantec], Downloader-BZS [McAfee], Trojan.KeyLogger.4260 [DrWEB], Win32:Malware-gen [AVAST]

How to remove: use HijackThis +Kaspersky virus removal tool

Posted in O21, ShellServiceObjectDelayLoad, Trojan | No Comments »

What is microsft.exe, How to remove microsft.exe

Friday, March 5th, 2010

microsft.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: microsft
Filename: microsft.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}

Command: %Program Files%\whyu\microsft.exe
CLSID: {C77088EB-52B1-173B-F6D5-36B5619926BD}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {C77088EB-52B1-173B-F6D5-36B5619926BD} – C:\Program Files\whyu\microsft.exe s

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C77088EB-52B1-173B-F6D5-36B5619926BD}]
C:\Program Files\whyu\microsft.exe s

Description: malware also known as Mal/VB-Z [Sophos]

How to remove: Registry editor + Kaspersky virus removal tool

Posted in Malware, Microsoft active setup | No Comments »

What is amht.xfo, How to remove amht.xfo

Friday, March 5th, 2010

amht.xfo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: amht
Filename: amht.xfo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe amht.xfo kixxkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe rundll32.exe amht.xfo kixxkk

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is RTHDBPL, How to remove RTHDBPL

Friday, March 5th, 2010

RTHDBPL is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: RTHDBPL
Filename: lsass.exe
Registry key:

Command: %userProfile%\Application Data\SystemProc\lsass.exe
CLSID: clsid
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“RTHDBPL”=C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Description: trojan also known as Trojan.Gen [Symantec], Mal/VBInject-D [Sophos], WORM_BUZUS.EHM [TrendMicro]

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is TOY5KNQ8OC, How to remove TOY5KNQ8OC

Friday, March 5th, 2010

TOY5KNQ8OC is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: TOY5KNQ8OC
Filename: [random 3 characters].ex
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TOY5KNQ8OC

Command: %UserProfile%\LOCALS~1\Temp\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

DDS Line:

uRun: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“TOY5KNQ8OC”=C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is syre32.exe, How to remove syre32.exe

Thursday, March 4th, 2010

syre32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: syre32
Filename: syre32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | syre32

Command: C:\WINDOWS\system32\syre32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [syre32] C:\WINDOWS\system32\syre32.exe

DDS Line:

mRun: [syre32] C:\WINDOWS\system32\syre32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“syre32″=C:\WINDOWS\system32\syre32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Run, Trojan | No Comments »

What is cleansweep.exe, How to remove cleansweep.exe

Thursday, March 4th, 2010

cleansweep.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cleansweep
Filename: cleansweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cleansweep.exe

Command: C:\cleansweep.exe\cleansweep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

DDS Line:

uRun: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cleansweep.exe”=C:\cleansweep.exe\cleansweep.exe

Description: trojan also known as Trojan.Spyeye [PCTools], Trojan.Spyeye [Symantec], Trojan-Spy.Win32.SpyEyes.h [Kaspersky Lab], BackDoor-Spyeye [McAfee], Mal/Spyeye-A, Mal/Spyeye-A [Sophos], Trojan:Win32/Spyeye.B [Microsoft],

How to remove: use HijackThis + Kaspersky virus removal tool

Posted in O4, Run, Trojan | No Comments »

What is nynw.wmo, How to remove nynw.wmo

Thursday, March 4th, 2010

nynw.wmo is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nynw
Filename: nynw.wmo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command:Explorer.exe rundll32.exe nynw.wmo mynleeq
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=”Explorer.exe rundll32.exe nynw.wmo mynleeq”

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in F2, Trojan, Winlogon\Shell | No Comments »

What is _VOIDd.sys, How to remove _VOIDd.sys

Thursday, March 4th, 2010

_VOIDd.sys is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: _VOID[random]
Filename: _VOID[random].sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_VOIDd.sys

Command: %WinDir%\system32\drivers\_VOID[random].sys
Startup Type: Hidden driver
RootRepeal log line:

Service Name: _VOIDd.sys
Image Path: C:\WINDOWS\system32\drivers\_VOIDaabmetnqbf.sys

Description: variant of TDSS trojan

How to remove: use the TDSS trojan removal instructions.

Posted in Driver, Trojan | No Comments »

What is avcommand.net, How to remove avcommand.net

Monday, March 1st, 2010

avcommand.net is a malicious website

remove The site was created to spread Antivirus Soft. If your browser is redirected to avcommand.net, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.5
Site addess: avcommand.net
Description: avcommand.net is not related with legitimate security company and can only be seen on infected computers. The site used to promote the rogue antispyware program called Antivirus Soft.

How to remove: use these Antivirus Soft removal instructions in order to remove this infection.

Posted in Rogue Antispyware/Antivirus | No Comments »

« Previous Entries
Next Entries »