What is restorer32_a.exe, How to remove restorer32_a.exe
restorer32_a.exe is a harmful program.
 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: restorer32_a
Filename: restorer32_a.exe
Registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | restorer32_a
Command: c:\windows\system32\restorer32_a.exe
Startup Type: HKCU->Run, HKLM->Run
HijackThis Category: O4
HijackThis Line:
O4 – HKCU\..\Run: [restorer32_a] c:\documents and settings\username\restorer32_a.exe
O4 – HKLM\..\Run: [restorer32_a] c:\windows\system32\restorer32_a.exe
Combofix/RSIT Line:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\documents and settings\username\restorer32_a.exe” [2009-09-29 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“restorer32_a”=”c:\windows\system32\restorer32_a.exe” [2009-09-29 40448]
Description: trojan that installed with Antivirus Pro 2010 (rogue antispyware)
How to remove: use HijackThis + use Malwarebytes` Anti-malware
November 24th, 2009 at 12:32 am
Hello
I have followed this process and really it is very very useful,
i have quick heal anti virus on my system and this virus has been detected by it but i did not know, is it removed or not.
Every time i started my system, after welcome message deletion of this virus message appears,
i was tired of that message, i have installed other programs(searching from google) to delete this but no result,
but this registry process is awesome,
finally it has been gone.
Thank you
Thank you very much (you can understand to see my mail’s length how i was sick from this virus)
November 24th, 2009 at 2:34 am
Pavi, open a new topic in the Spyware removal forum and post your HijackThis log to it.