Archive for the 'Threats' Category

What is MyPcSecure.exe, How to remove MyPcSecure.exe

Saturday, January 30th, 2010

MyPcSecure.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MyPcSecure
Filename: MyPcSecure.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MyPcSecure

Command: C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

DDS Line:

uRun: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyPcSecure"=C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Description: core part of MyPcSecure. MyPcSecure is a rogue antispyware program.

How to remove: use these MyPcSecure removal instructions.

What is 0021.DLL, How to remove 0021.DLL

Friday, January 29th, 2010

0021.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0021
Filename: 0021.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0021.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0021.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is 0020.DLL, How to remove 0020.DLL

Friday, January 29th, 2010

0020.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0020
Filename: 0020.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0020.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0020.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is 0019.DLL, How to remove 0019.DLL

Friday, January 29th, 2010

0019.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0019
Filename: 0019.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\0019.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0019.DLL"

Description: trojan agent

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

Antivir 2010 – Antivir.exe

Friday, January 29th, 2010

Antivir.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Antivir
Filename: Antivir.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV

Command: C:\Program Files\AV\Antivir.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe

DDS Line:

uRun: [AV] C:\Program Files\AV\Antivir.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV"=C:\Program Files\AV\Antivir.exe

Description: core component of Antivir 2010. Antivir 2010 is a rogue antispyware program.

How to remove: use these Antivir 2010 removal instructions.

av.exe – core part of Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010

Friday, January 29th, 2010

av.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | @ = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

Command: %UserProfile%\Local Settings\Application Data\av.exe
Startup Type: File associations
Description: core component of Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010

How to remove: use these Vista Guardian, Antivirus Vista 2010, Vista Antispyware 2010, Vista Antivirus Pro, Vista Internet Security 2010 removal instructions.

What is freddy82.exe, How to remove freddy82.exe

Thursday, January 28th, 2010

freddy82.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy82
Filename: freddy82.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy82.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy82.exe

DDS Line:

mRun: [sysfbtray] C:\windows\freddy82.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy82.exe

Description: component of the Koobface worm

How to remove: use these Koobface removal instructions.

What is incognito.exe, How to remove incognito.exe

Thursday, January 28th, 2010

incognito.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: incognito
Filename: incognito.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}

Command: c:\windows\system32\incognito.exe
CLSID: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB} - c:\windows\system32\incognito.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}]
c:\windows\system32\incognito.exe

Description: trojan also known as Trojan.Win32.Buzus.dahy [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use Kaspersky virus removal tool or Windows Registry editor

What is av.exe, How to remove av.exe

Thursday, January 28th, 2010

av.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av
Filename: av.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\secfile

Command: %Appdata%\av.exe
Startup Type: File associations
Description: core component of XP Internet Security 2010. XP Internet Security 2010, also known as XP Guardian and Antivirus XP 2010, is a rogue antispyware program.

How to remove: use these XP Internet Security 2010, XP Guardian, Antivirus XP 2010 removal instructions.

What is PcSecureNet.exe, How to remove PcSecureNet.exe

Thursday, January 28th, 2010

PcSecureNet.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PcSecureNet
Filename: PcSecureNet.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PcSecureNet

Command: C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe -min

DDS Line:

uRun: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSecureNet"=C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe

Description: core component of PcSecureNet. PcSecureNet is a rogue antispyware program.

How to remove: use these PcSecureNet removal instructions.