Archive for the 'Trojan' Category

« Previous Entries
Next Entries »

awtuUNDT.dll is a trojan (Vundo)

Tuesday, March 31st, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awtuUNDT
Filename: awtuUNDT.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB248511-529D-4956-A291-1535CEDF9250}

Command: C:\Windows\system32\awtuUNDT.dll
CLSID: {DB248511-529D-4956-A291-1535CEDF9250}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {DB248511-529D-4956-A291-1535CEDF9250} – C:\Windows\system32\awtuUNDT.dll

Description: Internet Explorer BHO module, trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in BHO, O2, Trojan | No Comments »

svchost.exe is a trojan fake.alert

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchost
Filename: svchost.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SVCHOST.EXE

Command: C:\WINDOWS\System32\drivers\svchost.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe

Description: trojan fake.alert

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in O4, Run, Trojan | No Comments »

vitamine.dll is a trojan

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vitamine
Filename: vitamine.dll
Command: c:\windows\system32\vitamine.dll
CLSID: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
Startup Type: HKLM->Run, AppInit DLL, SSODL, SharedTaskScheduler
HijackThis Category: O4, O20, O21, O22
HijackThis Line:

O4 – HKLM\..\Run: [CPMfbaed640] Rundll32.exe “c:\windows\system32\vitamine.dll”,a
O20 – AppInit_DLLs: c:\windows\system32\vitamine.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\vitamine.dll

Description: trojan (Vundo)

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in AppInit DLLs, O20, O21, O22, O4, Run, SharedTaskScheduler, ShellServiceObjectDelayLoad, Trojan | No Comments »

higudivo.dll is a trojan Vundo

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: higudivo
Filename: higudivo.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wawusavasi

Command: C:\WINDOWS\System32\higudivo.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s
O4 – HKUS\S-1-5-19\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [wawusavasi] Rundll32.exe “C:\WINDOWS\System32\higudivo.dll”,s (User ‘NETWORK SERVICE’)

Description: component of trojan Vundo

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in O4, Run, Trojan | No Comments »

zenonabi.dll is a trojan Vundo

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: zenonabi
Filename: zenonabi.dll
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | f89de5dc

Command: C:\WINDOWS\System32\zenonabi.dll
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [f89de5dc] rundll32.exe “C:\WINDOWS\System32\zenonabi.dll”,b

Description: trojan Vundo component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in O4, Run, Trojan | No Comments »

gumapoke.dll is a trojan Vundo component

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gumapoke
Filename: gumapoke.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18865f87-42b0-47d6-8fc4-5301aa0f0f80}

Command: C:\WINDOWS\System32\gumapoke.dll
CLSID: {18865f87-42b0-47d6-8fc4-5301aa0f0f80}
Startup Type: BHO
HijackThis Category: O2
HijackThis Line:

O2 – BHO: (no name) – {18865f87-42b0-47d6-8fc4-5301aa0f0f80} – C:\WINDOWS\System32\gumapoke.dll

Description: BHO module, trojan Vundo component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in BHO, O2, Trojan | No Comments »

svchost.exe is a trojan

Monday, March 30th, 2009

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: svchost
Filename: svchost.exe
Command: C:\Program Files\Outlook Express\svchost.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 – Service: Window Net Dns (MyDNS) – Unknown owner – C:\Program Files\Outlook Express\svchost.exe

Description: unknown trojan component

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in O23, Service, Trojan | No Comments »

DisableRegedit=1, result of trojan activity

Monday, March 30th, 2009

This is a signature of trojan activity.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name of trojan activity: DisableRegedit
HijackThis Category: O7
HijackThis Line:

O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Description: Disabled Regedit tools is a signature of trojan activity

How to remove: Use HijackThis or Use Malwarebytes Antimalware

Posted in O7, Trojan | 3 Comments »

XP-4A87B914.EXE is a trojan

Monday, March 30th, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: XP-4A87B914
Filename: XP-4A87B914.EXE
Command: C:\WINDOWS\system32\XP-4A87B914.EXE
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-4A87B914.EXE

Description: unknown trojan

How to remove: Use HijackThis

Posted in O4, Startup folder, Trojan | No Comments »

regsvr.exe is a trojan

Monday, March 30th, 2009

This is an harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: regsvr
Filename: regsvr.exe
Startup Type: system.ini
HijackThis Category: F2
HijackThis Line:

F2 – REG:system.ini: Shell=Explorer.exe regsvr.exe

Description: regsvr.exe is a trojan

How to remove: Use HijackThis + Use Malwarebytes Antimalware

Posted in F2, system.ini, Trojan | No Comments »

« Previous Entries
Next Entries »