What is {RANDOM}shdw.exe, How to remove {RANDOM}shdw.exe


{RANDOM}shdw.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}shdw.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Command: %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
Startup Type: HKCU->Run, HKLM-> Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
O4 – HKCU\..\Run: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

DDS Line:

mRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
uRun: [{RANDOM}] %UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“{RANDOM}”=%UserProfile%\Local Settings\Application Data\{RANDOM}\{RANDOM}shdw.exe

Description: core component of Security Suite. Security Suite is a rogue antispyware program.

How to remove: use the Security Suite removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

2 Responses to “What is {RANDOM}shdw.exe, How to remove {RANDOM}shdw.exe”

  1. Doug Rivord Says:

    I have this virus and have run a scan using MalwareBytes. The program finds nothing, yet when I reboot into normal mode the virus still exists. Any ideas? Please help this is really annoying. I am contemplating backing up files and doing a clean sweep and reinstall of windows if I can not successfully get it off

  2. admin Says:

    Run HijackThis, perform a scan and fix all lines that have shdw.exe string at right.

Leave a Reply