Archive for the 'Virus' Category

What is ansid.exe, How to remove ansid.exe

Sunday, December 13th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ansid
Filename: ansid.exe
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvcRDSessMgr

Command: c:\windows\SYSTEM32\ansid.exe
Startup Type: Service
HijackThis Category:
HijackThis Line:

O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr (mnmsrvcRDSessMgr) - - C:\WINDOWS\system32\ansid.exe srv

DDS/Combofix/RSIT Line:

R2 mnmsrvcRDSessMgr;NetMeeting Remote Desktop Sharing mnmsrvcRDSessMgr;c:\windows\SYSTEM32\ansid.exe srv

Description: virus also known as W32.Virut.CF [Symantec], Virus.Win32.Virut.ce [Kaspersky Lab], W32/Virut.n.gen [McAfee], W32/Scribble-B [Sophos], Virus:Win32/Virut.BM [Microsoft]

How to remove: use Kaspersky virus removal tool

What is reader_s.exe, How to remove reader_s.exe

Thursday, December 3rd, 2009

reader_s.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: reader_s
Filename: reader_s.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | reader_s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | reader_s

Command:

%WinDir%\System32\reader_s.exe
%UserProfile%\reader_s.exe

Startup Type: O4
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe

DDS Line:

mRun: [[reader_s] C:\WINDOWS\System32\reader_s.exe
uRun: [[reader_s] C:\Documents and Settings\user\reader_s.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\WINDOWS\System32\reader_s.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\user\reader_s.exe

Description: component of Virut virus also known as W32.Virut.CF [Symantec], W32/Scribble-B [Sophos], Virus.Win32.Virut.ce [Kaspersky Lab], Virus:Win32/Virut.BM [Microsoft], W32/Virut.n.gen [McAfee]

How to remove: use Kaspersky virus removal tool + Dr.Web CureIt

sopidkc.exe is a virus

Saturday, June 27th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: sopidkc
Filename: sopidkc.exe
Command: C:\WINDOWS\system32\sopidkc.exe
Startup Type: Service
HijackThis Category: O23
HijackThis Line:

O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\WINDOWS\system32\sopidkc.exe

Combofix/RSIT Line:

R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-18 124928]

Description: Virus, identified as Backdoor:Win32/Refpron.gen!C [Microsoft], Troj/Comsa-C [Sophos], New Win32 [McAfee], Packed.Win32.Koblu.b [Kaspersky Lab]

lkxcqdb.bat is a component of autorun.inf virus

Sunday, February 15th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lkxcqdb
Filename: lkxcqdb.bat
Command: E:\lkxcqdb.bat
CLSID: {df709192-1538-11dd-bc9a-0011675aabad}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df709192-1538-11dd-bc9a-0011675aabad}]
shell\AutoRun\command - E:\lkxcqdb.bat
shell\explore\command - E:\lkxcqdb.bat
shell\open\command - E:\lkxcqdb.bat

Description: component of autorun.inf virus

How to remove: How to remove lkxcqdb.bat – trojan that uses autorun.inf file

gy.cmd is a component of autorun.inf virus

Saturday, February 14th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: gy
Filename: gy.cmd
CLSID: {b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}
Startup Type: autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b75b8d74-94b1-11dc-bb7c-00c09fcd8ea0}]
shell\AutoRun\command - gy.cmd
shell\explore\command - gy.cmd
shell\open\command - gy.cmd

Description: component of autorun.inf virus

How to remove: How to remove gy.cmd – trojan that uses autorun.inf file

itsduel.exe is a component of autorun.inf virus

Saturday, February 14th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: itsduel
Filename: itsduel.exe
Command: E:\itsduel.exe
CLSID: {98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}
Startup Type: autorun.inf
Combofix/RSIT Line:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ffd239-a6ee-11dd-bd91-00c09fcd8ea0}]
shell\AutoRun\command - E:\itsduel.exe
shell\explore\command - E:\itsduel.exe
shell\open\command - E:\itsduel.exe

Description: component of autorun.inf virus

How to remove: How to remove itsduel.exe – trojan that uses autorun.inf file