Archive for the 'Trojan' Category

What is awxm.vho, How to remove awxm.vho

Monday, April 19th, 2010

awxm.vho is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: awxm
Filename: awxm.vho
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe awxm.vho rlvgf
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos]; packed with PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is ngts.vao, How to remove ngts.vao

Friday, April 16th, 2010

ngts.vao is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ngts
Filename: ngts.vao
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe ngts.vao uvibls
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ngts.vao uvibls

Description: component of a trojan that is also known as Backdoor.Bredolab [PCTools], Mal/EncPk-NS, Mal/FakeAV-BW, Mal/FakeAV-DF, Mal/FakeAV-BW [Sophos]; packed with PE_Patch.UPX [Kaspersky Lab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is mcenspc.dll, How to remove mcenspc.dll

Tuesday, April 13th, 2010

mcenspc.dll is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mcenspc
Filename: mcenspc.dll
Registry key:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders | SecurityProviders

Command: C:\Windows\System32\mcenspc.dll
Startup Type: SecurityProviders
Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

Description: a trojan that is also known as Trojan Horse [Symantec], Trojan.Win32.Agent2.htd [Kaspersky Lab], Generic Downloader.x!a [McAfee], Troj/Agent-JNX [Sophos], TrojanDownloader:Win32/Agent.KF [Microsoft], Trojan.Win32.Agent2 [Ikarus], Win-Trojan/Agent2.58880.B [AhnLab]

How to remove: use Malwarebytes' Anti-Malware + Kaspersky Virus Removal Tool

What is rihd.pno, How to remove rihd.pno

Tuesday, April 13th, 2010

rihd.pno is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rihd
Filename: rihd.pno
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe, rundll32.exe rihd.pno eaoydsi
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe rihd.pno eaoydsi

Description: component of the Bredolab trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is PRAGMAd.sys, How to remove PRAGMAd.sys

Tuesday, April 13th, 2010

PRAGMAd.sys is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: PRAGMAd
Filename: PRAGMAd.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMA{random}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys

Command:

C:\WINDOWS\system32\drivers\PRAGMA{random}.sys
C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys

Startup Type: hidden driver
RootRepeal shows infection:

Hidden Services
---------------
Service Name: PRAGMAd.sys
Image Path: C:\WINDOWS\system32\drivers\PRAGMAewxhsvitbd.sys

Service Name: PRAGMArchxnseqxn
Image Path: C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys

GMER shows infection:

Service system32\drivers\PRAGMAewxhsvitbd.sys (*** hidden *** ) [SYSTEM] PRAGMAd.sys <-- ROOTKIT !!!
Service C:\WINDOWS\PRAGMArchxnseqxn\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMArchxnseqxn <-- ROOTKIT !!!

Description: a new variant of the TDSS trojan

How to remove: use these TDSS trojan removal instructions.

What is davclnt.exe, How to remove davclnt.exe

Sunday, April 11th, 2010

davclnt.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: davclnt
Filename: davclnt.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | davclnt.exe

Command: %Temp%\davclnt.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

DDS Line:

uRun: [davclnt.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"davclnt.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\davclnt.exe

Description: a FakeAlert trojan that is installed together with Digital Protection. Digital Protection is a rogue antispyware program.

How to remove: use these Digital Protection removal instructions.

What is YVIBBBHA8C, How to remove YVIBBBHA8C

Tuesday, April 6th, 2010

YVIBBBHA8C is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: YVIBBBHA8C
Filename: [random 3 characters].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | YVIBBBHA8C

Command: %Temp%\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

DDS Line:

uRun: [YVIBBBHA8C] C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"YVIBBBHA8C"=C:\DOCUME~1\user\LOCALS~1\Temp\Lpw.exe

Description: a trojan that is also known as Downloader-CEW [McAfee], Mal/FakeAV-CX, Mal/FakeAV-CO [Sophos]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is lgou.rlo, How to remove lgou.rlo

Friday, April 2nd, 2010

lgou.rlo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lgou
Filename: lgou.rlo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe lgou.rlo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe lgou.rlo nhemkk

Description: component of the Bredolab trojan, also known as Trojan-Downloader.Win32.Agent.dkld [Kaspersky Lab], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is fontviewxp.exe, How to remove fontviewxp.exe

Saturday, March 27th, 2010

fontviewxp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: fontviewxp
Filename: fontviewxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | fontviewxp.exe

Command: %Temp%\fontviewxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [fontviewxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

DDS Line:

uRun: [fontviewxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fontviewxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\fontviewxp.exe

Description: a FakeAlert trojan that shows many fake security alerts and is installed on your computer together with User Protection. User Protection is a rogue antispyware program.

How to remove: use these User Protection removal instructions.

What is nnfj.tqo, How to remove nnfj.tqo

Tuesday, March 23rd, 2010

nnfj.tqo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nnfj
Filename: nnfj.tqo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nnfj.tqo nhemkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nnfj.tqo nhemkk

Description: a trojan also known as Trojan.Win32.Sasfis.ajil [Kaspersky Lab], SpyAgent-br.dll [McAfee], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft], Win-Trojan/Xema.variant [AhnLab]

How to remove: use HijackThis + Malwarebytes' Anti-Malware
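Several entries above share two persistence patterns: a Winlogon Shell value that carries an extra rundll32.exe loader behind Explorer.exe (the Bredolab/Oficla entries), and a SecurityProviders list with an added DLL (the mcenspc.dll entry). The following Python script, added here as an example and not part of the original posts, checks HijackThis F2 lines and ComboFix SecurityProviders lines against a clean baseline. The sample lines are constructed from the entries on this page, and the baseline (Shell exactly Explorer.exe; the four stock provider DLLs) is an assumption for a Windows XP system.

```python
import re

# Constructed sample log lines modelled on the entries above (not real captures).
SAMPLE_LINES = [
    "F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe awxm.vho rlvgf",
    "F2 - REG:system.ini: Shell=Explorer.exe, rundll32.exe rihd.pno eaoydsi",
    "F2 - REG:system.ini: Shell=Explorer.exe",
    '"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll',
    '"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll',
    "O4 - HKCU\\..\\Run: [davclnt.exe] C:\\DOCUME~1\\comp\\LOCALS~1\\Temp\\davclnt.exe",
]

# Assumed clean baseline: Shell must be exactly Explorer.exe, and SecurityProviders
# should contain only the four DLLs listed before mcenspc.dll in the entry above.
EXPECTED_SHELL = "explorer.exe"
BASELINE_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)
PROVIDERS_RE = re.compile(r'"SecurityProviders"=(.*)$', re.IGNORECASE)


def split_values(raw):
    """Split a comma- or whitespace-separated registry value into lower-cased tokens."""
    return [t.lower() for t in re.split(r"[,\s]+", raw.strip()) if t]


def check_line(line):
    """Return the suspicious tokens found in one log line ([] if the line looks clean)."""
    m = SHELL_RE.search(line)
    if m:
        # Anything besides Explorer.exe (rundll32.exe plus a payload file and an
        # export name, as in the Bredolab entries) is an extra loader in the Shell value.
        return [t for t in split_values(m.group(1)) if t != EXPECTED_SHELL]
    m = PROVIDERS_RE.search(line)
    if m:
        # Any provider DLL outside the stock set is an unexpected security package.
        return [t for t in split_values(m.group(1)) if t not in BASELINE_PROVIDERS]
    return []  # other line types (O4, uRun, ...) are not covered by this check


def scan(lines):
    """Map each flagged line to the suspicious tokens it contains."""
    findings = {}
    for line in lines:
        hits = check_line(line)
        if hits:
            findings[line] = hits
    return findings


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LINES).items():
        print(f"SUSPICIOUS {hits}: {line}")
```

On a live machine the same comparison applies to the registry values themselves rather than to log lines; the rundll32.exe loader with an odd file extension and a random export name is the pattern every Bredolab entry above shows.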