What is restorer64_a.exe, How to remove restorer64_a.exe


restorer64_a.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: restorer64_a
Filename: restorer64_a.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | restorer64_a

Command: C:\Documents and Settings\Nancy\restorer64_a.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 – HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Nancy\restorer64_a.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“restorer64_a” = C:\Documents and Settings\Nancy\restorer64_a.exe

Description: a trojan that installed with Antivirus Pro 2010 (rogue antispyware program)

How to remove: use HijackThis + use Malwarebytes` Anti-malware

Leave a Reply