Archive for the 'Trojan' Category

What is syre32.exe, How to remove syre32.exe

Thursday, March 4th, 2010

syre32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: syre32
Filename: syre32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | syre32

Command: C:\WINDOWS\system32\syre32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [syre32] C:\WINDOWS\system32\syre32.exe

DDS Line:

mRun: [syre32] C:\WINDOWS\system32\syre32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"syre32"=C:\WINDOWS\system32\syre32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is cleansweep.exe, How to remove cleansweep.exe

Thursday, March 4th, 2010

cleansweep.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: cleansweep
Filename: cleansweep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cleansweep.exe

Command: C:\cleansweep.exe\cleansweep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

DDS Line:

uRun: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cleansweep.exe"=C:\cleansweep.exe\cleansweep.exe

Description: trojan also known as Trojan.Spyeye [PCTools], Trojan.Spyeye [Symantec], Trojan-Spy.Win32.SpyEyes.h [Kaspersky Lab], BackDoor-Spyeye [McAfee], Mal/Spyeye-A, Mal/Spyeye-A [Sophos], Trojan:Win32/Spyeye.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is nynw.wmo, How to remove nynw.wmo

Thursday, March 4th, 2010

nynw.wmo is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: nynw
Filename: nynw.wmo
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell

Command: Explorer.exe rundll32.exe nynw.wmo mynleeq
Startup Type: Winlogon->Shell
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: Shell="Explorer.exe rundll32.exe nynw.wmo mynleeq"

Description: trojan also known as Trojan.Sasfis [PCTools], Trojan.Sasfis [Symantec], Mal/Oficla-A [Sophos], Trojan:Win32/Oficla.M [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is _VOIDd.sys, How to remove _VOIDd.sys

Thursday, March 4th, 2010

_VOIDd.sys is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: _VOID[random]
Filename: _VOID[random].sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_VOIDd.sys

Command: %WinDir%\system32\drivers\_VOID[random].sys
Startup Type: Hidden driver
RootRepeal log line:

Service Name: _VOIDd.sys
Image Path: C:\WINDOWS\system32\drivers\_VOIDaabmetnqbf.sys

Description: variant of TDSS trojan

How to remove: use the TDSS trojan removal instructions.

What is drwatson64ex.exe, How to remove drwatson64ex.exe

Thursday, February 25th, 2010

drwatson64ex.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: drwatson64ex
Filename: drwatson64ex.exe
Command: %UserProfile%\LOCALS~1\Temp\drwatson64ex.exe
Description: FakeAlert trojan that is installed with Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is msdtctr.exe, How to remove msdtctr.exe

Thursday, February 25th, 2010

msdtctr.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: msdtctr
Filename: msdtctr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | msdtctr.exe

Command: %UserProfile%\LOCALS~1\Temp\msdtctr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

DDS Line:

uRun: [msdtctr.exe] C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msdtctr.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\msdtctr.exe

Description: FakeAlert trojan that, once started, will download and install Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is spoo1sv.exe, How to remove spoo1sv.exe

Sunday, February 21st, 2010

spoo1sv.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: spoo1sv
Filename: spoo1sv.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | spoo1sv

Startup Type: HKCU->Policies\Explorer\Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Policies\Explorer\Run: [spoo1sv] spoo1sv.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"spoo1sv"=spoo1sv.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is monnid32.exe, How to remove monnid32.exe

Sunday, February 21st, 2010

monnid32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: monnid32
Filename: monnid32.exe
Command: %userProfile%\start menu\programs\startup\monnid32.exe
Startup Type: Startup Folder
HijackThis Category: O4
HijackThis Line:

O4 - S-1-5-18 Startup: monnid32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: monnid32.exe (User 'Default user')
O4 - Startup: monnid32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\monnid32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
monnid32.exe

Description: Trojan.Bredolab

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is eventcreatexp.exe, How to remove eventcreatexp.exe

Friday, February 19th, 2010

eventcreatexp.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: eventcreatexp
Filename: eventcreatexp.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | eventcreatexp.exe

Command: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

DDS Line:

uRun: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eventcreatexp.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe

Description: FakeAlert trojan that is installed with Paladin Antivirus. Paladin Antivirus is a rogue antispyware program.

How to remove: use these Paladin Antivirus removal instructions.

What is taskmandb.exe, How to remove taskmandb.exe

Friday, February 12th, 2010

taskmandb.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: taskmandb
Filename: taskmandb.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | taskmandb.exe

Command: %UserProfile%\LOCALS~1\Temp\taskmandb.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [taskmandb.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe

DDS Line:

uRun: [taskmandb.exe] C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"taskmandb.exe"=C:\DOCUME~1\comp\LOCALS~1\Temp\taskmandb.exe

Description: trojan FakeAlert

How to remove: use HijackThis + Malwarebytes' Anti-Malware