Archive for the 'Threats' Category

What is SecurityShield, How to remove Security Shield

Thursday, December 23rd, 2010

Security Shield is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Security Shield associated files and folders:

C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Security Shield associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}

Core filename: {RANDOM}.exe
Command: C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
HijackThis shows Security Shield:

O4 - HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Description: Security Shield is a fake antivirus program that is installed through the use of trojans without the user's knowledge or permission. When started, it performs a fake scan and states that your computer is infected with viruses, spyware and malware. Moreover, SecurityShield displays numerous fake security alerts and blocks all the legitimate and trusted applications used on your computer. In order to cure your PC, the program will suggest that you purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove Security Shield from your computer for free using legitimate free antimalware software.

How to remove: use the Security Shield removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.
2. Download HijackThis from here and save it to your desktop.
3. Run HijackThis. Click the Scan button. After HijackThis completes the system scan, check the box to the left of the following item:

O4 - HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.
4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is WinScanner, How to remove Win Scanner

Thursday, December 23rd, 2010

Win Scanner is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win Scanner associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win Scanner.lnk
%UserProfile%\Start Menu\Programs\Win Scanner
%UserProfile%\Start Menu\Programs\Win Scanner\Win Scanner.lnk

Win Scanner associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win Scanner:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win Scanner is a fake hard disk drive defragmenter. Once installed, it displays false information and fake critical alerts on the computer. Moreover, it performs a fake scan and states that the system has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Win Scanner also blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Do not be scared into purchasing the bogus software! You should remove the Win Scanner virus from your computer as soon as possible.

How to remove: use the Win Scanner virus removal guide.

What is Defragmenter, How to remove Defragmenter

Sunday, December 19th, 2010

Defragmenter is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Defragmenter
%UserProfile%\Start Menu\Programs\Defragmenter\Defragmenter.lnk

Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Tools:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Defragmenter is a fake hard disk drive defragmenter. Once installed, it displays false information and fake critical alerts on the computer. Moreover, it performs a fake scan and states that the system has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Defragmenter also blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Do not be scared into purchasing the bogus software! You should remove the Defragmenter virus from your computer as soon as possible.

How to remove: use the Defragmenter virus removal guide.

What is HDDTools, How to remove HDD Tools

Wednesday, December 15th, 2010

HDD Tools is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Tools associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Tools.lnk
%UserProfile%\Start Menu\Programs\HDD Tools
%UserProfile%\Start Menu\Programs\HDD Tools\HDD Tools.lnk

HDD Tools associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Tools:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Tools is fake computer optimization software that displays false information and fake critical alerts on the computer. Moreover, it performs a fake scan and states that the system has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. HDDTools also blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Do not be scared into purchasing the bogus software! You should remove HDD Tools from your computer as soon as possible.

How to remove: use the HDD Tools removal.

What is SmartHDD, How to remove Smart HDD

Tuesday, December 14th, 2010

Smart HDD is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Smart HDD associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Smart HDD.lnk
%UserProfile%\Start Menu\Programs\Smart HDD
%UserProfile%\Start Menu\Programs\Smart HDD\Smart HDD.lnk

Smart HDD associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Smart HDD:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Smart HDD is malware that pretends to be computer optimization software. The rogue is installed via trojans without the user's knowledge or permission. Once started, it reports false information and displays fake alerts on the computer. The rogue performs a fake scan and states that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, SmartHDD blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove Smart HDD from your computer for free using legitimate free antimalware software.

How to remove: use the Smart HDD removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is HDDRescue, How to remove HDD Rescue

Sunday, December 12th, 2010

HDD Rescue is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Rescue associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue
%UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk

HDD Rescue associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Rescue:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Rescue is fake computer optimization software that is installed through the use of trojans without the user's knowledge or permission. When started, it reports false information and displays fake alerts on the computer. The rogue performs a fake scan and states that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, HDDRescue blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove HDD Rescue from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Rescue removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is andy145.exe, How to remove andy145.exe

Thursday, December 9th, 2010

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"xuri49tkd"=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

What is cryptnet32.dll, How to remove cryptnet32.dll

Thursday, December 9th, 2010

This is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cryptnet32
Filename: cryptnet32.dll
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32

Command: C:\WINDOWS\SYSTEM32\cryptnet32.dll
Startup Type: Winlogon->Notify
HijackThis Category: O20
HijackThis Line:

O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet32]
2010-12-08 17:31 48128 ----a-w- C:\WINDOWS\SYSTEM32\cryptnet32.dll

Description: Trojan:Win32/Lukicsel.H [Microsoft]

How to remove: use HijackThis + SUPERAntiSpyware

What is Internet Antivirus 2011, How to remove Internet Antivirus 2011

Thursday, December 9th, 2010

Internet Antivirus 2011 is a harmful program.

It is a fake security program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Internet Antivirus 2011 associated files and folders:

C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
%UserProfile%\Application Data\Internet Antivirus 2011
%UserProfile%\Application Data\Internet Antivirus 2011\cookies.sqlite
%UserProfile%\Desktop\Internet Antivirus 2011.lnk
%UserProfile%\Start Menu\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Internet Antivirus 2011\Instructions.ini
%UserProfile%\Start Menu\Programs\Internet Antivirus 2011.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk

Internet Antivirus 2011 associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Antivirus 2011

Core filename: IA220_121.exe
Command: C:\Documents and Settings\All Users\Application Data\da1933\IA220_121.exe
HijackThis shows Internet Antivirus 2011:

O4 - HKCU\..\Run: [Smart Engine] "C:\Documents and Settings\All Users\Application Data\da2933\IA220_121.exe" /s /d

Description: rogue antispyware program

How to remove: use the Internet Antivirus 2011 removal guide or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacks them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

4. Download OTM by OldTimer from here and save it to your desktop.
Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[resethosts]

Click the red Moveit! button. Close OTM.

What is HDDPlus, How to remove HDD Plus

Thursday, December 9th, 2010

HDD Plus is a harmful program.

It is a malicious program; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Plus associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus
%UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk

HDD Plus associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Plus:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Plus is fake computer optimization software that is installed through the use of trojans without the user's knowledge or permission. When started, it reports false information and displays fake alerts on the computer. The rogue performs a fake scan and states that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, HDDPlus blocks all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware, follow the removal guide below to remove HDD Plus from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Plus removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).
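
A triage helper for the HijackThis O4 lines listed in the entries above, added here as an example and not part of the original posts: it reads a HijackThis log and lists the Run/RunOnce autostarts whose executable sits in %Temp% or All Users\Application Data, the launch locations these rogues use. The function names, the directory list and the sample log are assumptions made for illustration.

```python
import re

# HijackThis O4 autostart line, e.g.  O4 - HKCU\..\Run: [name] C:\path\file.exe
# Web pages often turn the ASCII hyphen into an en dash, so both are accepted.
O4_RE = re.compile(
    r"^O4\s*[-\u2013]\s*(?P<hive>HKCU|HKLM)\\\.\.\\(?P<key>Run(?:Once)?):\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$",
    re.IGNORECASE,
)

# User-writable launch locations named in the entries on this page (lower case).
SUSPECT_DIRS = (
    "%temp%\\",                         # unexpanded form, as the page lists it
    "\\local settings\\temp\\",         # %Temp% expanded on Windows XP
    "\\locals~1\\temp\\",               # same directory as an 8.3 short path
    "\\appdata\\local\\temp\\",         # %Temp% expanded on Vista and later
    "\\all users\\application data\\",  # XP common application data
)


def exe_path(cmd):
    """Return the executable from an autostart command, without quotes or arguments."""
    cmd = cmd.strip().replace("\u201c", '"').replace("\u201d", '"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def flag_autostarts(log_text):
    """Return (hive, key, value name, path) for O4 Run/RunOnce entries in SUSPECT_DIRS."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        if any(d in path.lower() for d in SUSPECT_DIRS):
            hits.append((m.group("hive").upper(), m.group("key"), m.group("name"), path))
    return hits


# Constructed sample log; the value names and paths are made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bho.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\RunOnce: [k3j9x] C:\Documents and Settings\All Users\Application Data\k3j9x\k3j9x.exe
O4 – HKCU\..\Run: [q7w2e] C:\DOCUME~1\user\LOCALS~1\Temp\q7w2e.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\u1.exe" /s /d
"""

if __name__ == "__main__":
    for hive, key, name, path in flag_autostarts(SAMPLE_LOG):
        print(f"REVIEW {hive}\\{key} [{name}] -> {path}")
```

A hit is a candidate for review, not a verdict. Autostarts from other locations, such as the C:\windows\andy145.exe entry above, are outside this path check.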