Archive for the 'Trojan' Category

What is jdsuml.exe, How to remove jdsuml.exe

Wednesday, December 23rd, 2009

jdsuml.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: jdsuml
Filename: jdsuml.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | qaswww
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman

Command: C:\WINDOWS\system32\jdsuml.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe

DDS Line:

uRun: [qaswww] C:\WINDOWS\system32\jdsuml.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qaswww"=C:\WINDOWS\system32\jdsuml.exe

Description: trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Troj/Agent-LXF [Sophos], Trojan:Win32/Lethic.B

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is providd.exe, How to remove providd.exe

Wednesday, December 23rd, 2009

providd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: providd
Filename: providd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sqlpdro

Command: C:\WINDOWS\system32\providd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [sqlpdro] C:\WINDOWS\system32\providd.exe

DDS Line:

uRun: [sqlpdro] C:\WINDOWS\system32\providd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sqlpdro"=C:\WINDOWS\system32\providd.exe

Description: trojan dropper

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is ihaupd32.exe, How to remove ihaupd32.exe

Wednesday, December 23rd, 2009

ihaupd32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ihaupd32
Filename: ihaupd32.exe
Command: %UserProfile%\start menu\programs\startup\ihaupd32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: ihaupd32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\ihaupd32.exe

Description: trojan dropper. It is installed together with the updxsp32.exe trojan.

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is updxsp32.exe, How to remove updxsp32.exe

Wednesday, December 23rd, 2009

updxsp32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: updxsp32
Filename: updxsp32.exe
Command: %UserProfile%\start menu\programs\startup\updxsp32.exe
Startup Type: StartupFolder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: updxsp32.exe

Combofix/RSIT Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\updxsp32.exe

Description: Trojan.Dropper

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is Googlev2010.com, How to remove Googlev2010.com

Monday, December 21st, 2009

Googlev2010.com is a malicious website.

The site was created to hijack web browsers and redirect them to unwanted and irrelevant search results. If your browser is redirected to Googlev2010.com, you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Site address: Googlev2010.com

How to remove: use Malwarebytes' Anti-Malware

What is clspackxq.exe, How to remove clspackxq.exe

Saturday, December 19th, 2009

clspackxq.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: clspackxq
Filename: clspackxq.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | clspackxq.exe

Command: %Temp%\clspackxq.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

DDS Line:

uRun: [clspackxq.exe] c:\docume~1\user\locals~1\temp\clspackxq.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"clspackxq.exe"=c:\docume~1\user\locals~1\temp\clspackxq.exe

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is winsts.sys, How to remove winsts.sys

Sunday, December 13th, 2009

winsts.sys is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winsts
Filename: winsts.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsts

Command: c:\windows\system32\winsts.sys
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 - Service: winsts (winsts) - - C:\WINDOWS\system32\winsts.sys

DDS/Combofix/RSIT Line:

S3 winsts;winsts;c:\windows\system32\winsts.sys

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool or ask for help in the Spyware removal forum.

What is services.exe, How to remove services.exe

Sunday, December 13th, 2009

services.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: services
Filename: services.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | exec

Command: %FontsDir%\services.exe
Startup Type:
HijackThis Category:
HijackThis Line:

HKLM\..\Run: [exec] %FontsDir%\services.exe

DDS Line:

mRun: [exec] %FontsDir%\services.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"exec"=%FontsDir%\services.exe

Description: trojan, also known as Trojan Horse [Symantec], Trojan-Spy.Win32.VB.bzc [Kaspersky Lab], Adclicker-GV [McAfee], Troj/VB-EHN [Sophos], Trojan:Win32/Puzlice.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is wincert.dll, How to remove wincert.dll

Sunday, December 13th, 2009

wincert.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wincert
Filename: wincert.dll
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls | AppSecDll

Command: C:\Windows\System32\wincert.dll
Startup Type: AppCertDlls
Description: trojan also known as Mal/Xilcter-A [Sophos]

How to remove: use Malwarebytes' Anti-Malware + Kaspersky virus removal tool

What is svchust.exe, How to remove svchust.exe

Sunday, December 13th, 2009

svchust.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchust
Filename: svchust.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Net_Login

Command: c:\windows\svchust.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 - Service: Net_Login (Net_Login) - Sigma Designs In - C:\WINDOWS\svchust.exe

DDS/Combofix/RSIT Line:

R2 Net_Login;Net_Login;c:\windows\svchust.exe

Description: trojan also known as W32.Pinfi [Symantec], Virus.Win32.Parite.b [Kaspersky Lab], W32/Pate.b [McAfee], PE_PARITE.A [Trend Micro], W32/Parite-B [Sophos], Virus:Win32/Parite.B [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware + Kaspersky virus removal tool