What is {random}lanw.exe, How to remove {random}lanw.exe


{RANDOM}lanw.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}lanw.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Command: %Temp%\{RANDOM}\{RANDOM}lanw.exe
Startup Type: HKCU->Run, HKLM-> Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}lanw.exe
O4 – HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}lanw.exe

DDS Line:

mRun: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}lanw.exe
uRun: [{RANDOM}] %Temp%\{RANDOM}\{RANDOM}lanw.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%Temp%\{RANDOM}\{RANDOM}lanw.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%Temp%\{RANDOM}\{RANDOM}lanw.exe

Description: core component of Antivirus IS. Antivirus IS is a rogue antispyware program.

How to remove: use the Antivirus IS removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

Leave a Reply