Archive for the 'Threats' Category

What is wwwpos32.exe, How to remove wwwpos32.exe

Thursday, January 21st, 2010

wwwpos32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wwwpos32
Filename: wwwpos32.exe
Command: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: wwwpos32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
wwwpos32.exe [2008-4-14 40448]

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is ProtectDefender.exe, How to remove ProtectDefender.exe

Thursday, January 21st, 2010

ProtectDefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ProtectDefender
Filename: ProtectDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ProtectDefender

Command: C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [ProtectDefender] C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

DDS Line:

mRun: [ProtectDefender] C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ProtectDefender"=C:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe

Description: core part of ProtectDefender. ProtectDefender is a rogue antispyware program.

How to remove: use these ProtectDefender removal instructions.

What is cliconfg64.exe, How to remove cliconfg64.exe

Wednesday, January 20th, 2010

cliconfg64.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cliconfg64
Filename: cliconfg64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cliconfg64.exe

Command: %UserProfile%\temp\cliconfg64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\user\LOCALS~1\Temp\cliconfg64.exe

DDS Line:

uRun: [cliconfg64.exe] c:\dokume~1\user\lokale~1\temp\cliconfg64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cliconfg64.exe"=c:\dokume~1\user\lokale~1\temp\cliconfg64.exe

Description: component of trojan FakeAlert.

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is ArmorDefender.exe, How to remove ArmorDefender.exe

Tuesday, January 19th, 2010

ArmorDefender.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ArmorDefender
Filename: ArmorDefender.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ArmorDefender

Command: C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [ArmorDefender] C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

DDS Line:

mRun: [ArmorDefender] C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ArmorDefender"=C:\Program Files\ArmorDefender Software\ArmorDefender\ArmorDefender.exe

Description: core part of ArmorDefender. ArmorDefender is a rogue antispyware program.

How to remove: use these ArmorDefender removal instructions.

What is WinSecurity360.exe, How to remove WinSecurity360.exe

Sunday, January 17th, 2010

WinSecurity360.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WinSecurity360
Filename: WinSecurity360.exe
Command: C:\Program Files\WinSecurity360\WinSecurity360.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: Win Security 360.lnk = C:\Program Files\WinSecurity360\WinSecurity360.exe

DDS Line:

StartupFolder: Win Security 360.lnk

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
Win Security 360.lnk

Description: core part of Win Security 360. Win Security 360 is a rogue antispyware program.

How to remove: use these Win Security 360 removal instructions.

What is sdra64.exe, How to remove sdra64.exe

Sunday, January 17th, 2010

sdra64.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sdra64
Filename: sdra64.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\WINDOWS\system32\sdra64.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

Description: core component of trojan ZBot also known as Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab], PWS:Win32/Zbot.gen!R [Microsoft], Mal/Zbot-O [Sophos], Infostealer.Banker.C [Symantec]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is winIogon.exe, How to remove winIogon.exe

Sunday, January 17th, 2010

winIogon.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winIogon
Filename: winIogon.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft System Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Microsoft System Service
HKEY_CURRENT_USER\Software\Microsoft\OLE | Microsoft System Service

Command: C:\Windows\System32\winIogon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft System Service] winIogon.exe

DDS Line:

mRun: [Microsoft System Service] winIogon.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft System Service"=winIogon.exe

Description: trojan also known as W32/Virut.gen.a [McAfee], Backdoor:Win32/Poebot.gen [Microsoft], W32.IRCBot [Symantec], PE_VIRUT.AV [Trend Micro], W32.Virut.W [Symantec]

How to remove: use HijackThis + Kaspersky virus removal tool

What is freddy81.exe, How to remove freddy81.exe

Sunday, January 17th, 2010

freddy81.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: freddy81
Filename: freddy81.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysfbtray

Command: C:\windows\freddy81.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy81.exe

DDS Line:

Run: [sysfbtray] C:\windows\freddy81.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=C:\windows\freddy81.exe

Description: component of koobface worm

How to remove: use these koobface removal instructions.

What is winhlp64.exe, How to remove winhlp64.exe

Saturday, January 16th, 2010

winhlp64.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winhlp64
Filename: winhlp64.exe
Command: %UserProfile%\Temp\winhlp64.exe
Description: component of trojan FakeAlert. This is installed with cls_pack.exe.

How to remove: use these winhlp64.exe removal instructions.

What is cls_pack.exe, How to remove cls_pack.exe

Saturday, January 16th, 2010

cls_pack.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cls_pack
Filename: cls_pack.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cls_pack.exe

Command: %UserProfile%\temp\cls_pack.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\user\LOCALS~1\Temp\cls_pack.exe

DDS Line:

uRun: [cls_pack.exe] c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cls_pack.exe"=c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Description: component of trojan FakeAlert

How to remove: use these cls_pack.exe removal instructions.