What is {RANDOM}shdw.exe, How to remove {RANDOM}shdw.exe
{RANDOM}shdw.exe is a harmful program.
It is a component of malware or spyware; remove it immediately using an antivirus and antispyware program. If that does not help, ask us for help in the Spyware removal forum.
Filename: {RANDOM}shdw.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
Command: %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category:
HijackThis Line:
O4 - HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 - HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
DDS Line:
mRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
uRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"{RANDOM}"=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{RANDOM}"=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Description: core component of Security Suite. Security Suite is a rogue antispyware program.
How to remove: use the Security Suite removal instructions or the steps below.
1. Reboot your computer in Safe mode with networking.
2. Reset your browser's proxy settings (this malware hijacked them): run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.
3. Download Malwarebytes Anti-Malware. Install it, perform a scan and let it remove what it finds. Reboot afterwards (important).
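A log-triage check for the autorun entries listed above, added here as an example and not taken from the original page: it scans HijackThis O4 and DDS mRun/uRun lines for a Run value whose command matches the page's path pattern. The function name, the sample log and the expanded "C:\Documents and Settings\..." path form are assumptions constructed for illustration.

```python
import re

# Autorun lines in the two log layouts the page lists: HijackThis "O4" and DDS
# "mRun"/"uRun". The O4 separator is accepted as "-" or as an en dash.
LINE_RE = re.compile(
    r"""^\s*(?:
          O4\s*[-\u2013]\s*(?P<hjt>HKLM|HKCU)\\\.\.\\Run:   # HijackThis
        | (?P<dds>[mu])Run:                                 # DDS: m = HKLM, u = HKCU
        )\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+?)\s*$""",
    re.VERBOSE | re.IGNORECASE,
)

# Command pattern from the page:
#   %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
# Matching on the tail also covers logs that print the expanded profile path
# (assumption) and commands wrapped in quotes.
PATH_RE = re.compile(
    r'\\Local Settings\\Application Data\\[^\\"]+\\[^\\"]+shdw\.exe(?=$|["\s])',
    re.IGNORECASE,
)

# Constructed sample log; every name and path below is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [updater] "C:\Program Files\Example\updater.exe" /min
O4 - HKLM\..\Run: [kdmxqpwe] C:\Documents and Settings\alice\Local Settings\Application Data\kdmxqpwe\rtbnshdw.exe
O4 - HKCU\..\Run: [kdmxqpwe] "C:\Documents and Settings\alice\Local Settings\Application Data\kdmxqpwe\rtbnshdw.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [kdmxqpwe] %UserProfile%\Local Settings\Application Data\kdmxqpwe\rtbnshdw.exe
O4 - HKCU\..\Run: [tool] C:\Program Files\Tool\shdw.exe
"""

def find_shdw_autoruns(log_text):
    """Return (hive, value_name, command) for each autorun line matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not PATH_RE.search(m.group("cmd")):
            continue  # not an autorun line, or the command is somewhere else
        if m.group("hjt"):
            hive = m.group("hjt").upper()
        else:
            hive = "HKLM" if m.group("dds").lower() == "m" else "HKCU"
        hits.append((hive, m.group("name"), m.group("cmd")))
    return hits

if __name__ == "__main__":
    for hive, name, cmd in find_shdw_autoruns(SAMPLE_LOG):
        print(f"{hive} Run value [{name}] -> {cmd}")
```

Requiring both the Application Data location and the shdw.exe suffix keeps an unrelated program that happens to be named shdw.exe in another folder out of the results.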
August 25th, 2010 at 1:56 pm
I have this virus and have run a scan using Malwarebytes. The program finds nothing, yet when I reboot into normal mode the virus still exists. Any ideas? Please help, this is really annoying. I am contemplating backing up files and doing a clean sweep and reinstall of Windows if I cannot successfully get it off.
August 26th, 2010 at 12:38 pm
Run HijackThis, perform a scan and fix all lines that have the shdw.exe string at the right.