Archive for the 'Trojan' Category

« Previous Entries
Next Entries »

What is inetprovider.dll, How to remove inetprovider.dll

Wednesday, December 2nd, 2009

inetprovider.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: inetprovider
Filename: inetprovider.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | InternetProvider

Command: C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll
CLSID: {76377D16-FC8D-4505-B8E1-237EA19C401A}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

DDS Line:

SSODL: InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
InternetProvider – {76377D16-FC8D-4505-B8E1-237EA19C401A} – C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll

Description: trojan that installed with Personal Protector. Personal Protector is a rogue antispyware program.

How to remove: use HijackThis + these Personal Protector removal instructions.

Posted in O21, ShellServiceObjectDelayLoad, Trojan | No Comments »

What is swupdate.dll, How to remove swupdate.dll

Wednesday, December 2nd, 2009

swupdate.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: swupdate
Filename: swupdate.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SwUpdate

Command: C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
CLSID: {009541A0-3B00-1F1C-00F3-040224001C01}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 – SSODL: SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

DDS Line:

SSODL: SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SwUpdate – {009541A0-3B00-1F1C-00F3-040224001C01} – C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll

Description: trojan AdClick

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O21, ShellServiceObjectDelayLoad, Trojan | No Comments »

What is algqeh32.exe, How to remove algqeh32.exe

Tuesday, December 1st, 2009

algqeh32.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: algqeh32
Filename: algqeh32.exe
Command: %UserProfile%\Start Menu\Programs\Startup\algqeh32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: algqeh32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
algqeh32.exe

Description: trojan

How to remove: use HijackThis + manually remove the file.

Posted in O4, Startup folder, Trojan | No Comments »

What is photo_id.exe, How to remove photo_id.exe

Tuesday, December 1st, 2009

photo_id.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: photo_id
Filename: photo_id.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | photo_id

Command:

C:\WINDOWS\system32\photo_id.exe
%UserProfile%\photo_id.exe
C:\WINDOWS\system32\config\systemprofile\photo_id.exe

Startup Type: HKLM->Run. HKCU->Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 – HKCU\..\Run: [photo_id] C:\Documents and Settings\user\photo_id.exe
O4 – HKUS\S-1-5-18\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘Default user’)

DDS Line:

mRun: [photo_id] C:\WINDOWS\system32\photo_id.exe
uRun: [photo_id] C:\Documents and Settings\user\photo_id.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\WINDOWS\system32\photo_id.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\Documents and Settings\user\photo_id.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is pbudsara.exe, How to remove pbudsara.exe

Tuesday, December 1st, 2009

pbudsara.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pbudsara
Filename: pbudsara.exe
Command: c:\pbudsara.exe
Startup Type: autorun.inf
Description: trojan that using autorun.inf files to spread inself

How to remove: use these autorun.inf trojans removal instructions

Posted in autorun.inf, Trojan | No Comments »

What is herss.exe, How to remove herss.exe

Tuesday, December 1st, 2009

herss.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: herss
Filename: herss.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: %Temp%\herss.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cdoosoft] %Temp%\herss.exe

DDS Line:

uRun: [cdoosoft] %Temp%\herss.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cdoosoft”=%Temp%\herss.exe

Description: trojan also known as Trojan-GameThief.Win32.Magania.cmla [Kaspersky Lab], Mal/Taterf-A [Sophos], Worm:Win32/Taterf.B [Microsoft], Trojan.Win32.Inhoo [Ikarus]

How to remove: use HijackThis + these autorun.inf trojans removal instructions.

Posted in autorun.inf, O4, Run, Trojan | No Comments »

What is wind7upd.exe, How to remove wind7upd.exe

Tuesday, December 1st, 2009

wind7upd.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wind7upd
Filename: wind7upd.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup

Command: C:\Windows\wind7upd.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4:HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
O4:HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe

Description: trojan downloader

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Policies\Explorer\Run, Run, Trojan | No Comments »

What is winhelper86.dll, How to remove winhelper86.dll

Tuesday, December 1st, 2009

winhelper86.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winhelper86
Filename: winhelper86.dll
Command: C:\WINDOWS\system32\winhelper86.dll
Startup Type: LSP
HijackThis Category: O10
HijackThis Line:

O10 – Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll

MalwareBytes Anti-malware Log Line:

C:\WINDOWS\system32\winhelper86.dll (Trojan.Fakeinit)

Combofix:

LSP: c:\windows\system32\winhelper86.dll

Description: trojan that installed with Advanced Virus Remover

How to remove: use LSP Fix or these Advanced Virus Remover removal instructions.

Posted in LSP, O10, Rogue Antispyware/Antivirus, Trojan | No Comments »

What is sys64_nov.exe, How to remove sys64_nov.exe

Sunday, November 29th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sys64_nov
Filename: sys64_nov.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys64_nov

Command:

%WinDir%\system32\sys64_nov.exe
%UserProfile%\sys64_nov.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 – HKCU\..\Run: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

DDS Line:

mRun: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
uRun: [sys64_nov] C:\Documents and Settings\user\sys64_nov.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\WINDOWS\system32\sys64_nov.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“sys64_nov”=C:\Documents and Settings\user\sys64_nov.exe

Description: trojan agent that installed with rogue antispyware programs

How to remove: use HijackThis + Malwarebytes` Anti-malware

Posted in O4, Run, Trojan | No Comments »

What is sshnas.dll, How to remove sshnas.dll

Saturday, November 28th, 2009

sshnas.dll is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sshnas
Filename: sshnas.dll
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SSHNAS

Command: C:\Windows\system32\sshnas.dll
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

DDS Line:

uRun: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SSHNAS”=rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

Description: component of trojan FakeAlert

How to remove: use these sshnas.dll removal instructions.

Posted in O4, Run, Trojan | 3 Comments »

« Previous Entries
Next Entries »