HT Logs. Tips, FAQs, Analyze.

richtx64.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: richtx64
Filename: richtx64.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | richtx64.exe

Command: %Temp%\richtx64.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

DDS Line:

uRun: [richtx64.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“richtx64.exe”=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\richtx64.exe

Description: trojan FakeAlert

How to remove: use these richtx64.exe (trojan FakeAlert) removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: name
Filename: filename
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}

Command: C:\Windows\System32\ieso0.dll
CLSID: {CE7C3CF0-4B15-11D1-ABED-709549C10000}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: IEHlprObj – {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

DDS Line:

BHO: IEHlprObj: {CE7C3CF0-4B15-11D1-ABED-709549C10000} – C:\Windows\System32\ieso0.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj – C:\Windows\System32\ieso0.dll

Description: component of autorun.inf trojan. It installed with kxvo.exe

How to remove: use HijackThis + these autorun.inf trojans removal instructions

kxvo.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: kxvo
Filename: kxvo.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | kxva

Command: C:\WINDOWS\system32\kxvo.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

DDS Line:

uRun: [kxva] C:\WINDOWS\system32\kxvo.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“kxva”=C:\WINDOWS\system32\kxvo.exe

Description: trojan also known as W32.Gammima [Symantec], Trojan.Win32.Vaklik.yl [Kaspersky Lab], PWS-Gamania.gen.a [McAfee], TROJ_VAKLIK.EQ [Trend Micro], Mal/EncPk-CE [Sophos], Worm:Win32/Taterf.B [Microsoft], Dropper/Malware.158261 [AhnLab]. It uses autorun.inf files to spread itself.

How to remove: use these autorun.inf trojans removal instructions

essledv.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: essledv
Filename: essledv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | ttool

Command: C:\Windows\essledv.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [ttool] C:\Windows\essledv.exe

DDS Line:

uRun: [ttool] C:\Windows\essledv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ttool”=C:\Windows\essledv.exe

Description: trojan also known as Trojan.Generic [PCTools], Trojan Horse [Symantec], Trojan-PSW.Win32.Papras.og [Kaspersky Lab], Troj/PWS-BFX [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

regsvr.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: regsvr
Filename: regsvr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Msn Messsenger

Command: C:\Windows\System32
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Msn Messsenger] C:\Windows\System32\regsvr.exe

DDS Line:

uRun: [Msn Messsenger] C:\Windows\System32regsvr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Msn Messsenger”=C:\Windows\System32regsvr.exe

Description: trojan also known as W32.Imaut [Symantec], Worm.Win32.AutoIt.x, not-a-virus:Monitor.Win32.Ardamax.ae [Kaspersky Lab], W32/Autorun.worm.bm [McAfee], Mal/Generic-A [Sophos], VirTool:Win32/ModTool.A [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

reader_s.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: reader_s
Filename: reader_s.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | reader_s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | reader_s

Command:

%WinDir%\System32\reader_s.exe
%UserProfile%\reader_s.exe

Startup Type: O4
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 – HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe

DDS Line:

mRun: [[reader_s] C:\WINDOWS\System32\reader_s.exe
uRun: [[reader_s] C:\Documents and Settings\user\reader_s.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\WINDOWS\System32\reader_s.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\Documents and Settings\user\reader_s.exe

Description: component of Virut virus also known as W32.Virut.CF [Symantec], W32/Scribble-B [Sophos], Virus.Win32.Virut.ce [Kaspersky Lab], Virus:Win32/Virut.BM [Microsoft], W32/Virut.n.gen [McAfee]

How to remove: use Kaspersky virus removal tool + Dr.Web CureIt

msa.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: msa
Filename: msa.exe
Command: C:\WINDOWS\msa.exe
Description: component of trojan FakeAlert

How to remove: use these trojan FakeAlert removal instructions.

mark_32.dll is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: mark_32
Filename: mark_32.dll
Command: C:\WINDOWS\mark_32.dll
CLSID: {7052b010-2d0f-459e-bf1b-0903f09c1836}
Startup Type: Filter
HijackThis Category: O18
HijackThis Line:

O18 – Filter hijack: text/html – {7052b010-2d0f-459e-bf1b-0903f09c1836} – C:\WINDOWS\mark_32.dll

Description: a trojan that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: winssled
Filename: winssled.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | shccde

Command: C:\Windows\winssled.exe
Startup Type: HKCU->Run, Winlogon\TaskMan
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [shccde] C:\Windows\winssled.exe

DDS Line:

uRun: [shccde] C:\Windows\winssled.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“shccde”=C:\Windows\winssled.exe

Description: a trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Trojan:Win32/Lethic.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

AntiKeep.exe is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiKeep
Filename: AntiKeep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiKeep.exe

Command: C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

DDS Line:

uRun: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiKeep.exe”=C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe [2009-12-03 1638400]

Description: core component of AntiKeep. AntiKeep is a rogue antispyware program.

How to remove: use these AntiKeep removal instructions.