Archive for the 'Trojan' Category

What is Syspck32.exe, How to remove Syspck32.exe

Tuesday, March 23rd, 2010

Syspck32.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Syspck32
Filename: Syspck32.exe
Command: %UserProfile%\start menu\programs\startup\Syspck32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: syspck32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\syspck32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
syspck32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is zipdkg32.exe, How to remove zipdkg32.exe

Sunday, March 21st, 2010

zipdkg32.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: zipdkg32
Filename: zipdkg32.exe
Command: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: zipdkg32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\zipdkg32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
zipdkg32.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is WEK9EMDHI9, How to remove WEK9EMDHI9

Saturday, March 20th, 2010

WEK9EMDHI9 is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: WEK9EMDHI9
Filename: [random].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WEK9EMDHI9

Command: C:\WINDOWS\Bhihuc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

DDS Line:

uRun: [WEK9EMDHI9] C:\WINDOWS\Bhihuc.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WEK9EMDHI9"=C:\WINDOWS\Bhihuc.exe [2010-03-15 40448]

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is msnfo32.exe, How to remove msnfo32.exe

Wednesday, March 17th, 2010

msnfo32.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msnfo32
Filename: msnfo32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | msnfo32

Command: %WinDir%\system32\msnfo32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

DDS Line:

mRun: [msnfo32] C:\WINDOWS\system32\msnfo32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"msnfo32"=C:\WINDOWS\system32\msnfo32.exe

Description: trojan also known as trojan agent

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is eventtriggersxp.exe, How to remove eventtriggersxp.exe

Wednesday, March 17th, 2010

eventtriggersxp.exe is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eventtriggersxp
Filename: eventtriggersxp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | eventtriggersxp.exe

Command: %Temp%\eventtriggersxp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

DDS Line:

uRun: [eventtriggersxp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eventtriggersxp.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\eventtriggersxp.exe

Description: FakeAlert trojan that, once started, displays many fake security alerts and suggests downloading and installing Dr. Guard. Dr. Guard is a rogue antispyware program.

How to remove: use these Dr. Guard removal instructions in order to remove Dr. Guard and the eventtriggersxp.exe trojan fakealert.

What is mlthnj.dll, How to remove mlthnj.dll

Saturday, March 13th, 2010

mlthnj.dll is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: mlthnj
Filename: mlthnj.dll
Registry key:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls

Command: c:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Server\mlthnj.dll
Startup Type: AppSecDll
Combofix:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Server\mlthnj.dll

Notes: trojan also known as Trojan.Agent/Gen-FakeAV, which is installed with a rogue antispyware program.

How to remove: use Registry Editor + Malwarebytes' Anti-Malware

What is overlapp32.dll, How to remove overlapp32.dll

Friday, March 5th, 2010

overlapp32.dll is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: overlapp32
Filename: overlapp32.dll
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck

Command: %Windir%\System32\overlapp32.dll
CLSID: {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C}
Startup Type: ShellServiceObjectDelayLoad
HijackThis Category: O21
HijackThis Line:

O21 - SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

DDS Line:

SSODL: WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {FF4EC53A-CA51-9A39-6CDD-5FFB26FB445C} - overlapp32.dll

Description: trojan also known as Trojan-PSW.Generic [PCTools], Infostealer [Symantec], Downloader-BZS [McAfee], Trojan.KeyLogger.4260 [DrWEB], Win32:Malware-gen [AVAST]

How to remove: use HijackThis + Kaspersky Virus Removal Tool

What is amht.xfo, How to remove amht.xfo

Friday, March 5th, 2010

amht.xfo is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: amht
Filename: amht.xfo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe amht.xfo kixxkk
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe amht.xfo kixxkk

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is RTHDBPL, How to remove RTHDBPL

Friday, March 5th, 2010

RTHDBPL is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: RTHDBPL
Filename: lsass.exe
Registry key:

Command: %userProfile%\Application Data\SystemProc\lsass.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"RTHDBPL"=C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe

Description: trojan also known as Trojan.Gen [Symantec], Mal/VBInject-D [Sophos], WORM_BUZUS.EHM [TrendMicro]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is TOY5KNQ8OC, How to remove TOY5KNQ8OC

Friday, March 5th, 2010

TOY5KNQ8OC is a harmful program.

It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: TOY5KNQ8OC
Filename: [random 3 characters].exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | TOY5KNQ8OC

Command: %UserProfile%\LOCALS~1\Temp\[random 3 characters].exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

DDS Line:

uRun: [TOY5KNQ8OC] C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=C:\DOCUME~1\user\LOCALS~1\Temp\Xb1.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware