Archive for the 'Trojan' Category

What is netuza32.exe, How to remove netuza32.exe

Sunday, February 7th, 2010

netuza32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: netuza32
Filename: netuza32.exe
Command: %UserProfile%\start menu\programs\startup\netuza32.exe
Startup Type: Startup Folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: netuza32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\netuza32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
netuza32.exe

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is extrac64_cab.exe, How to remove extrac64_cab.exe

Saturday, January 30th, 2010

extrac64_cab.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: extrac64_cab
Filename: extrac64_cab.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | extrac64_cab.exe

Command: %UserProfile%\temp\extrac64_cab.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\user\LOCALS~1\Temp\extrac64_cab.exe

DDS Line:

uRun: [extrac64_cab.exe] c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"extrac64_cab.exe"=c:\dokume~1\user\lokale~1\temp\extrac64_cab.exe

Description: new variant of the cls_pack.exe trojan. It is also known as HeurEngine.MaliciousPacker [PCTools], Packed.Generic.277 [Symantec], Trojan-Downloader.Win32.FraudLoad.wxry [Kaspersky Lab], Mal/Generic-A [Sophos], Trojan-Downloader.Win32.FraudLoad [Ikarus]

How to remove: use these extrac64_cab.exe removal instructions.

What is 0021.DLL, How to remove 0021.DLL

Friday, January 29th, 2010

0021.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0021
Filename: 0021.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0021.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0021.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0021.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-malware + Kaspersky virus removal tool

What is 0020.DLL, How to remove 0020.DLL

Friday, January 29th, 2010

0020.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0020
Filename: 0020.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | CrntDLL

Command: C:\WINDOWS\system32\0020.DLL
Startup Type: AppInit_DLLs + CrntDLL
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0020.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0020.DLL"

Description: trojan also known as Trojan-Spy.Win32.Delf.hvj [Kaspersky Lab], BackDoor-BAC [McAfee], Troj/Bckdr-RAP [Sophos], Trojan:Win32/Witkinat.A [Microsoft]

How to remove: use HijackThis + Malwarebytes' Anti-malware + Kaspersky virus removal tool

What is 0019.DLL, How to remove 0019.DLL

Friday, January 29th, 2010

0019.DLL is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 0019
Filename: 0019.DLL
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Command: C:\WINDOWS\system32\0019.DLL
Startup Type: AppInit_DLLs
HijackThis Category: O20
HijackThis Line:

O20 - AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

DDS Line:

AppInit_DLLs: C:\WINDOWS\system32\0019.DLL

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0019.DLL"

Description: trojan agent

How to remove: use HijackThis + Malwarebytes' Anti-malware + Kaspersky virus removal tool

What is incognito.exe, How to remove incognito.exe

Thursday, January 28th, 2010

incognito.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: incognito
Filename: incognito.exe
Registry key:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}

Command: c:\windows\system32\incognito.exe
CLSID: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}
Startup Type: Microsoft active setup
DDS Line:

mASetup: {ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB} - c:\windows\system32\incognito.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADEEAF15-7FE8-DEDD-3FFF-4DF56EBB1DFB}]
c:\windows\system32\incognito.exe

Description: trojan also known as Trojan.Win32.Buzus.dahy [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use Kaspersky virus removal tool or Windows Registry editor

What is 9fo3ar0j.exe, How to remove 9fo3ar0j.exe

Thursday, January 21st, 2010

9fo3ar0j.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: 9fo3ar0j
Filename: 9fo3ar0j.exe
Command: c:\9fo3ar0j.exe
Startup Type: autorun.inf
Description: autorun.inf trojan also known as Mal/Generic-A [Sophos], PWS.Win32 [Ikarus], packed with ASPack [Kaspersky Lab]. The trojan is installed with the herss.exe trojan.

How to remove: use these autorun.inf trojans removal instructions + run Kaspersky virus removal tool

What is wwwpos32.exe, How to remove wwwpos32.exe

Thursday, January 21st, 2010

wwwpos32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wwwpos32
Filename: wwwpos32.exe
Command: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 - Startup: wwwpos32.exe

DDS Line:

StartupFolder: c:\documents and settings\user\start menu\programs\startup\wwwpos32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
wwwpos32.exe [2008-4-14 40448]

Description: trojan

How to remove: use HijackThis + Kaspersky virus removal tool

What is sdra64.exe, How to remove sdra64.exe

Sunday, January 17th, 2010

sdra64.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sdra64
Filename: sdra64.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit

Command: C:\WINDOWS\system32\sdra64.exe
Startup Type: Winlogon\UserInit
HijackThis Category: F2
HijackThis Line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

Description: core component of trojan ZBot also known as Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab], PWS:Win32/Zbot.gen!R [Microsoft], Mal/Zbot-O [Sophos], Infostealer.Banker.C [Symantec]

How to remove: use HijackThis + Malwarebytes' Anti-malware

What is winIogon.exe, How to remove winIogon.exe

Sunday, January 17th, 2010

winIogon.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winIogon
Filename: winIogon.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft System Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Microsoft System Service
HKEY_CURRENT_USER\Software\Microsoft\OLE | Microsoft System Service

Command: C:\Windows\System32\winIogon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft System Service] winIogon.exe

DDS Line:

mRun: [Microsoft System Service] winIogon.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft System Service"=winIogon.exe

Description: trojan also known as W32/Virut.gen.a [McAfee], Backdoor:Win32/Poebot.gen [Microsoft], W32.IRCBot [Symantec], PE_VIRUT.AV [Trend Micro], W32.Virut.W [Symantec]

How to remove: use HijackThis + Kaspersky virus removal tool