 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: revulazo
Filename: revulazo.dll
Command: c:\windows\system32\revulazo.dll
Description: component of a trojan Vundo
How to remove: use Malwarebytes` Anti-malware + use SUPERAntiSpyware
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: wogipute
Filename: wogipute.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}
Command: c:\windows\system32\wogipute.dll
CLSID: {6933d543-b109-40aa-9185-58ccc8241c09}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: (no name) – {6933d543-b109-40aa-9185-58ccc8241c09} – c:\windows\system32\wogipute.dll
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6933d543-b109-40aa-9185-58ccc8241c09}]
2009-06-20 03:46 50688 –sha-w- c:\windows\system32\wogipute.dll
Description: trojan Vundo that installs rogue antispyware programs
How to remove: use Malwarebytes` Anti-malware
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: gitabiga
Filename: gitabiga.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | derijidob
hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler | {e826441e-0920-4e05-9b2c-84189ccd7cba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | gefiraled
Command: c:\windows\system32\gitabiga.dll
CLSID: {e826441e-0920-4e05-9b2c-84189ccd7cba}
Startup Type: HKLM->Run, SharedTaskScheduler, ShellServiceObjectDelayLoad
HijackThis Category: O4, O21, O22
Combofix/RSIT Line:
2009-09-19 01:46 . 2009-06-19 01:46 88576 –sha-w- c:\windows\system32\gitabiga.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“derijidob”=”c:\windows\system32\gitabiga.dll” [2009-09-19 88576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
“{e826441e-0920-4e05-9b2c-84189ccd7cba}”= “c:\windows\system32\gitabiga.dll” [2009-09-19 88576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“gefiraled”= {e826441e-0920-4e05-9b2c-84189ccd7cba} – c:\windows\system32\gitabiga.dll [2009-09-19 88576]
Description: trojan Vundo
How to remove: use Malwarebytes` Anti-malware
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: ise32
Filename: ise32.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}
Command: E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
CLSID: {dac57b3a-30d1-11dd-ad23-0008a1a9244d}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac57b3a-30d1-11dd-ad23-0008a1a9244d}]
shell\AutoRun\command – E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command – E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Description: autorun.inf trojan also known as Trojan-DDoS.Win32.Agent
How to remove: use these autorun.inf trojans removal instructions + use Kaspersky virus removal tool
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: dwshd
Filename: dwshd.sys
Command: C:\WINDOWS\System32\drivers\dwshd.sys
Startup Type: Driver
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwshd.sys]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
Description: trojan also known as trojan.Win32Agent.
How to remove: use Kaspersky virus removal tool
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: WStech
Filename: WStech.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
Command: C:\Documents and Settings\All Users\Application Data\gra\WStech.dll
CLSID: {A5DBD8CB-DF8A-4992-A655-B155216F6AFB}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:
O2 – BHO: WStechB – {A5DBD8CB-DF8A-4992-A655-B155216F6AFB} – C:\Documents and Settings\All Users\Application Data\gra\WStech.dll
Description: trojan FakeAlert that installed by Green AV rogue antispyware program
How to remove: use these Green AV removal instructions
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: _ex-08
Filename: _ex-08.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PromoReg
Command: C:\WINDOWS\Temp\_ex-08.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
Description: Trojan.Agent
How to remove: use MalwareBytes Anti-malware.
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: lsp
Filename: lsp.dll
Command: C:\WINDOWS\system32\lsp.dll
Description: trojan FakeAlert, also known as Trojan-Proxy.Win32.
How to remove: use Kaspersky Virus Removal tool.
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: syssvc
Filename: syssvc.exe
Command: C:\WINDOWS\syssvc.exe
Description: trojan FakeAlert also known as TrojanDropper.
How to remove: use Kaspersky Virus Removal tool.
|
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: winupdate
Filename: winupdate.exe
Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate.exe
Command: C:\WINDOWS\system32\winupdate.exe
Startup Type: startupreg
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate.exe]
C:\WINDOWS\system32\winupdate.exe [2009-08-07 46080]
2009-09-04 12:23:26 —-A—- C:\WINDOWS\system32\winupdate.exe
Description: Backdoor.Trojan also known as W32.Spybot.Worm, Backdoor.Win32.Rbot.
How to remove: use Kaspersky virus removal tool.