Archive for the 'Trojan' Category

What is winhlp64.exe, How to remove winhlp64.exe

Saturday, January 16th, 2010

winhlp64.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winhlp64
Filename: winhlp64.exe
Command: %UserProfile%\Temp\winhlp64.exe
Description: component of trojan FakeAlert. This is installed with cls_pack.exe.

How to remove: use these winhlp64.exe removal instructions.

What is cls_pack.exe, How to remove cls_pack.exe

Saturday, January 16th, 2010

cls_pack.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cls_pack
Filename: cls_pack.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cls_pack.exe

Command: %UserProfile%\temp\cls_pack.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\user\LOCALS~1\Temp\cls_pack.exe

DDS Line:

uRun: [cls_pack.exe] c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cls_pack.exe"=c:\dokume~1\user\lokale~1\temp\cls_pack.exe

Description: component of trojan FakeAlert

How to remove: use these cls_pack.exe removal instructions.

What is rarype32.exe, How to remove rarype32.exe

Saturday, January 16th, 2010

rarype32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rarype32
Filename: rarype32.exe
Command: %userProfile%\start menu\programs\startup\rarype32.exe
Startup Type: O4
HijackThis Category:
HijackThis Line:

O4 - Startup: rarype32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\rarype32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
rarype32.exe

Description: trojan also known as Mal/Bredo-A [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is sshnas21.dll, How to remove sshnas21.dll

Thursday, January 14th, 2010

sshnas21.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas21
Filename: sshnas21.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | LosAlamos
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Canaveral
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS

Command: C:\Windows\System32\sshnas21.dll
Startup Type: Service
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,DllWork
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\username\AppData\Local\Temp\sshnas21.dll,BackupReadW

Combofix/RSIT Line:

S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe

Description: this is a new version of sshnas.dll trojan (trojan FakeAlert)

How to remove: use these sshnas.dll removal instructions.

What is ndisdrv.sys, How to remove ndisdrv.sys

Sunday, January 10th, 2010

ndisdrv.sys is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ndisdrv
Filename: ndisdrv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv

Command: c:\windows\system32\ndisdrv.sys
Startup Type: Driver
DDS/Combofix/RSIT Line:

S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]

Description: trojan-rootkit also known as Mal/Rootkit-Q [Sophos]

How to remove:

Download OTM by OldTimer from here
Run OTM.
Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:services
ndisdrv

:files
c:\windows\system32\ndisdrv.sys

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. When the tool is finished, it will produce a report for you.
Download and run Malwarebytes' Anti-Malware.

What is mshlps.dll, How to remove mshlps.dll

Sunday, January 10th, 2010

mshlps.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mshlps
Filename: mshlps.dll
Registry key|value:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls | AppSecDll = "C:\Windows\System32\mshlps.dll"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls | AppSecDll = "C:\Windows\System32\mshlps.dll"

Command: %WinDir%\System32\mshlps.dll
Startup Type: AppCertDlls
Description: trojan also known as Trojan.Win32.Agent.deou [Kaspersky Lab]. It is installed with the kbdsock.dll trojan.

How to remove: use Windows Registry editor + Kaspersky virus removal tool

What is kbdsock.dll, How to remove kbdsock.dll

Sunday, January 10th, 2010

kbdsock.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: kbdsock
Filename: kbdsock.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\kbdsock.dll
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kbdsock.dll"

Description: trojan also known as Trojan.Win32.Agent.deot [Kaspersky Lab]

How to remove: use HijackThis + Kaspersky virus removal tool

What is PR19.DLL, How to remove PR19.DLL

Saturday, January 9th, 2010

PR19.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PR19
Filename: PR19.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\PR19.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\PR19.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\PR19.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\PR19.DLL"

Description: trojan that is installed with the adobemedia.exe trojan.

How to remove: use HijackThis + Kaspersky virus removal tool

What is PR15.DLL, How to remove PR15.DLL

Saturday, January 9th, 2010

PR15.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PR15
Filename: PR15.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\PR15.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\PR15.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\PR15.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\PR15.DLL"

Description: trojan that is installed with the adobemedia.exe trojan.

How to remove: use HijackThis + Kaspersky virus removal tool

What is adobemedia.exe, How to remove adobemedia.exe

Saturday, January 9th, 2010

adobemedia.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: adobemedia
Filename: adobemedia.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | adobemedia.exe

Command: C:\WINDOWS\system32\adobemedia.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [adobemedia.exe] C:\WINDOWS\system32\adobemedia.exe

DDS Line:

uRun: [adobemedia.exe] C:\WINDOWS\system32\adobemedia.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"adobemedia.exe"=C:\WINDOWS\system32\adobemedia.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool