Archive for the 'Trojan' Category

sys32_nov.exe is a trojan

Monday, September 7th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sys32_nov
Filename: sys32_nov.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys32_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys32_nov

Command: C:\WINDOWS\system32\sys32_nov.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Admin\sys32_nov.exe

Description: trojan that is installed with the braviax trojan and rogue antispyware software

How to remove: use these braviax trojan removal instructions.

DnsFilter.sys is a trojan (Trojan.DNSChanger)

Friday, August 28th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: DnsFilter
Filename: DnsFilter.sys
Command: c:\windows\system32\drivers\DnsFilter.sys
Startup Type: driver, svchost
Combofix/RSIT Line:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
R2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [7/16/2003 11:41 AM 14336]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [8/23/2009 8:43 AM 38016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

Description: trojan also known as Trojan.DNSChanger, Trojan.Dropper [Symantec], Trojan.Win32.Agent.cupu [Kaspersky Lab], Trojan-Dropper [Ikarus]

How to remove: use Malwarebytes Anti-malware + use Kaspersky virus removal tool.

regedit.exe is a trojan

Thursday, August 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: regedit
Filename: regedit.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Regedit32

Command: C:\WINDOWS\system32\regedit.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

Description: trojan that is installed with PC Antispyware2010 (rogue antispyware program)
Note: the regedit.exe trojan is located in the C:\WINDOWS\system32 folder; the Windows system file regedit.exe is located in the C:\WINDOWS folder!

How to remove: use these PC Antispyware2010 removal instructions.

hp32_nword.exe is a trojan

Thursday, August 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: hp32_nword
Filename: hp32_nword.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | hp32_nword
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | hp32_nword

Command: C:\WINDOWS\system32\hp32_nword.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe
O4 - HKCU\..\Run: [hp32_nword] C:\Documents and Settings\Michael\hp32_nword.exe

Description: trojan also known as Win-Trojan/SpamMailer, installed with PC Antispyware2010 (rogue antispyware program)

How to remove: use HijackThis + use SUPERAntiSpyware

ESQULserv.sys is a trojan DNSChanger

Thursday, August 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ESQULserv
Filename: uses random filenames, examples below

c:\windows\system32\drivers\ESQULpjyrxmafdndomsrumnadwoyxcbowcdul.sys
c:\windows\system32\drivers\ESQULvvmlotmovroyobfrbmltkmtttklyrqje.sys
c:\windows\system32\ESQULdfowmsoetvgoovmoowvkctgpjykiyoaq.dll
c:\windows\system32\ESQULjgxtjwkxefqrntwuekdqcwtuospqgmas.dll

Command: c:\windows\system32\drivers\ESQULfqjdadpxylqppquwnvxjkomleltuiihj.sys
Startup Type: hidden driver
Description: variant of trojan DNSChanger

How to remove: use these trojan DNSChanger removal instructions.

olhrwef.exe is a trojan autorun.inf

Thursday, August 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: olhrwef
Filename: olhrwef.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: C:\WINDOWS\system32\olhrwef.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-21-527237240-113007714-854245398-1007\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User '?')

Description: trojan that uses an autorun.inf file to infect computers.

How to remove: use these autorun.inf trojan removal instructions.

waw32.exe is trojan-dropper [Worm.Palevo]

Thursday, August 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: waw32
Filename: waw32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup

Command: C:\WINDOWS\waw32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\waw32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=C:\WINDOWS\waw32.exe [2009-08-20 84992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\waw32.exe [2009-08-20 84992]

Description: trojan-dropper, also known as Worm.Palevo

How to remove: use HijackThis + use Malwarebytes' Anti-malware

brey1eza.exe is trojan

Tuesday, August 25th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: brey1eza
Filename: brey1eza.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | brey1eza.exe

Command: %UserProfile%\LOCALS~1\Temp\brey1eza.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [brey1eza.exe] C:\DOCUME~1\PEDROA~1\LOCALS~1\Temp\brey1eza.exe

Description: trojan that is installed with SaveSoldier (rogue antispyware program)

How to remove: use these SaveSoldier removal instructions.

cru629.dat is a component of braviax trojan

Sunday, August 16th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cru629
Filename: cru629.dat
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Startup Type: AppInit DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: cru629.dat

Description: component of braviax trojan

How to remove: use these braviax trojan removal instructions.

braviax.exe is a trojan braviax

Sunday, August 16th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: braviax
Filename: braviax.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | braviax

Command: C:\WINDOWS\system32\braviax.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

Description: component of trojan braviax that installs rogue antispyware programs.

How to remove: use these braviax removal instructions.