Archive for the 'Threats' Category
 	  
		
				
				
				Tuesday, August 25th, 2009
				
					This is a harmful program.
Name: SaveSoldierSvc
Filename: SaveSoldierSvc.exe
Command: C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldierSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: SaveSoldier Security Service (SaveSoldierSvc) - Unknown owner - C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldierSvc.exe
Description: component of SaveSoldier (rogue antispyware program)
How to remove: use these SaveSoldier removal instructions.
				 
				Posted in O23, Rogue Antispyware/Antivirus, Service
 
			 
				
				
				Tuesday, August 25th, 2009
				
					This is a harmful program.
Name: SaveSoldier
Filename: SaveSoldier.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveSoldier
Command: C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldier.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [SaveSoldier] C:\Program Files\SaveSoldier Software\SaveSoldier\SaveSoldier.exe -min
Description: main file of SaveSoldier (rogue antispyware program)
How to remove: use these SaveSoldier removal instructions.
				 
				Posted in O4, Rogue Antispyware/Antivirus, Run
 
			 
				
				
				Tuesday, August 25th, 2009
				
					This is a harmful program.
Name: brey1eza
Filename: brey1eza.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | brey1eza.exe
Command: %UserProfile%\LOCALS~1\Temp\brey1eza.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [brey1eza.exe] C:\DOCUME~1\PEDROA~1\LOCALS~1\Temp\brey1eza.exe
Description: trojan that installed with SaveSoldier (rogue antispyware program)
How to remove: use these SaveSoldier removal instructions.
				 
				Posted in O4, Rogue Antispyware/Antivirus, Run, Trojan
 
			 
				
				
				Sunday, August 16th, 2009
				
					This is a harmful program.
Name: cru629
Filename: cru629.dat
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:
O20 - AppInit_DLLs: cru629.dat
Description: component of braviax trojan
How to remove: use these braviax trojan removal instructions.
				 
				Posted in AppInit DLLs, O20, Trojan
 
			 
				
				
				Sunday, August 16th, 2009
				
					This is a harmful program.
Name: braviax
Filename: braviax.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | braviax
Command: C:\WINDOWS\system32\braviax.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
Description: component of trojan braviax that installs rogue antispyware programs.
How to remove: use these braviax removal instructions.
				 
				Posted in O4, Run, Trojan
 
			 
				
				
				Saturday, August 15th, 2009
				
					This is a harmful program.
Name: WiniShieldSvc
Filename: WiniShieldSvc.exe
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: WiniShield Security Service (WiniShieldSvc) - Unknown owner - C:\Program Files\WiniShield Software\WiniShield\WiniShieldSvc.exe
Description: component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions.
				 
				Posted in O23, Rogue Antispyware/Antivirus, Service
 
			 
				
				
				Saturday, August 15th, 2009
				
					This is a harmful program.
Name: WiniShield
Filename: WiniShield.exe
Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WiniShield
Command: C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKCU\..\Run: [WiniShield] C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe -min
Description: main component of WiniShield (rogue antispyware program)
How to remove: use these WiniShield removal instructions.
				 
				Posted in O4, Rogue Antispyware/Antivirus, Run
 
			 
				
				
				Monday, August 3rd, 2009
				
					This is a harmful program.
Name: PC_Antispyware2010
Filename: PC_Antispyware2010.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PC Antispyware 2010
Command: C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
Description: main file of PC Antispyware 2010 (rogue antispyware program)
How to remove: use these PC Antispyware 2010 removal instructions.
				 
				Posted in O4, Rogue Antispyware/Antivirus, Run
 
			 
				
				
				Monday, July 27th, 2009
				
					This is a harmful program.
Name: desot
Filename: desot.exe
Registry key:
HKEY_CLASSES_ROOT\exefile\shell\open\command
Command: D:\WINDOWS\system32\desot.exe
Startup Type: File associations
Combofix/RSIT Line:
.exe - open - D:\WINDOWS\system32\desot.exe "%1" %*
Description: component of Windows Antivirus Pro (rogue antivirus program)
How to remove: use these Windows Antivirus Pro removal instructions.
				 
				Posted in File associations, Rogue Antispyware/Antivirus
 
			 
				
				
				Monday, July 27th, 2009
				
					This is a harmful program.
Name: svchast
Filename: svchast.exe
Command: C:\WINDOWS\svchast.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
Combofix/RSIT Line:
S2 AntipPro2009_12;AntipyPro_12; C:\WINDOWS\svchast.exe
Description: component of Windows Antivirus Pro (fake antivirus program)
How to remove: use these Windows Antivirus Pro removal instructions.
				 
				Posted in O23, Rogue Antispyware/Antivirus, Service