Archive for the 'Threats' Category

« Previous Entries
Next Entries »

jwgkvsq.vmx is component of Conficker worm

Sunday, July 26th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jwgkvsq
Filename: jwgkvsq.vmx
Registry key:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}

Command: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
CLSID: {adaa1c54-332e-11de-bf44-001c25045ca7}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}]
shell\AutoRun\command – C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

Description: component of Conficker worm also known as Kido worm

How to remove: use these Conficker removal instructions

Posted in autorun.inf, Worm | 2 Comments »

sfc.sys is a trojan Win32.Agent

Sunday, July 26th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sfc
Filename: sfc.sys
Registry key:

KEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SFC

Command: C:\WINDOWS\system32\drivers\sfc.sys
Startup Type: Driver
Combofix/RSIT Line:

S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys

Description: trojan Win32.Agent

How to remove: try Malwarebytes` Anti-malware or ask for help at Spyware removal forum.

Posted in Driver, Trojan | No Comments »

AVCare.exe is main file of AVCare

Sunday, July 26th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AVCare
Filename: AVCare.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AV Care

Command: C:\Program Files\AV Care\AvCare.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AV Care] C:\Program Files\AV Care\AvCare.exe

Description: main file of AVCare (rogue antispyware program)

How to remove: use Malwarebytes` Anti-malware or use these AVCare removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

kj32.dll is trojan.bho

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: kj32
Filename: kj32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6458C00E-EF7F-4f06-9E06-49EA923386FD}

Command: C:\WINDOWS\System32\kj32.dll
CLSID: {6458C00E-EF7F-4f06-9E06-49EA923386FD}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: pl – {6458C00E-EF7F-4f06-9E06-49EA923386FD} – C:\WINDOWS\System32\kj32.dll

Description: trojan bho

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Posted in BHO, O2, Trojan | No Comments »

_ex-68.exe is a trojan

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: _ex-68
Filename: _ex-68.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PromoReg

Command: C:\WINDOWS\Temp\_ex-68.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe

Description: unknown trojan component, that installed with rogue antispyware programs

How to remove: use HijackThis + use Malwarebytes Antimalware

Posted in O4, Run, Trojan | No Comments »

csrcs.exe is a worm [W32/Spybot]

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: csrcs
Filename: csrcs.exe
Command: C:\WINDOWS\system32\csrcs.exe
Startup Type: Policies->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

Description: worm [W32/Spybot]

How to remove: use HijackThis + use Malwarebytes Antimalware

Posted in O4, Policies\Explorer\Run, Worm | No Comments »

rncsys32.exe is a trojan [Downloader-BRM]

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rncsys32
Filename: rncsys32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: rncsys32.exe

Description: trojan [Downloader-BRM]. Read more here.

How to remove: use HijackThis

Posted in O4, Startup folder, Trojan | No Comments »

Cleanup.exe is a trojan

Thursday, July 23rd, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Cleanup
Filename: Cleanup.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Global Startup: Cleanup.exe

Description: trojan component [Trojan.Win32.Zapchast]

How to remove: use HijackThis + use Malwarebytes Antimalware

Posted in O4, Startup folder, Trojan | No Comments »

HomeAntivirus2010.exe is main file of Home Antivirus 2010

Sunday, July 19th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: HomeAntivirus2010
Filename: HomeAntivirus2010.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Home Antivirus 2010

Command: C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Home Antivirus 2010] “C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe” /hide

Description: main file of Home Antivirus 2010 (rogue antispyware program)

How to remove: use these Home Antivirus 2010 removal instructions.

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

MalwareRemoval.exe is main file of Fake Microsoft Windows Malicious Software Removal Tool

Thursday, July 16th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: MalwareRemoval
Filename: MalwareRemoval.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MalwareRemoval

Command: C:\Program Files\MalwareRemoval\MalwareRemoval.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [MalwareRemoval] C:\Program Files\MalwareRemoval\MalwareRemoval.exe

Description: main file of Fake Microsoft Windows Malicious Software Removal Tool

How to remove: use Malwarebytes Antimalware

Posted in O4, Rogue Antispyware/Antivirus, Run | No Comments »

« Previous Entries
Next Entries »