Comments for Spyware-Virus Files and Process

Comment on Ramal Jodoh.pif by devy putri pratama

devy putri pratama — Mon, 16 Nov 2009 09:42:12 +0000

ramalkan saya ttgjodoh saya…dan apa saya bs menikah

Comment on Ramal Jodoh.pif by devy putri pratama

devy putri pratama — Mon, 16 Nov 2009 09:41:20 +0000

ramalkan ttg jodoh saya..

Comment on Classified.exe by bekyo

bekyo — Mon, 16 Nov 2009 05:28:20 +0000

me too..

i coudn’t delete also.

Comment on regsvr.exe by harish

harish — Sat, 14 Nov 2009 06:47:46 +0000

The procedure solves issue to an extent.

It only disable the regsvr virus but kill all the related registry stting. If you open you Regedit in the startup option, you will still see the Regsvr option which can be enabled or disbaled….Any way to remove it from here??

harry_g1979@rediffmail.com

Comment on FUvirus.exe by ega

ega — Thu, 12 Nov 2009 01:21:53 +0000

i’m also having the same problem….malwarebytes is effecitve in removing fuvirus….but all the files converted to .exe files were gone…

Comment on Classified.exe by gan

gan — Tue, 03 Nov 2009 07:19:06 +0000

hi..

i have finished doing steps 1 to 4..

but i couldn’t delete the ff files in step5:

%System%\hlpsvc1.exe
%System%\hlpsvc2.exe
%SystemDrive%\Read1st!.exe
%SystemDrive%\goats.exe
%UserProfile%\My Documents\Classified.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe
C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe

i need help please… thank you.

God Bless.

Comment on winupgro.exe by Flon Klar

Flon Klar — Mon, 02 Nov 2009 14:06:38 +0000

Why is it that when I run the batch file, the DOS window runs a constant stream of “md5deep” is not a valid program, command, or batch file?” The “out” file is also blank at the end of the scan. Am I doing something wrong?

Comment on winupgro.exe by Piotr

Piotr — Sat, 31 Oct 2009 14:42:09 +0000

Thank you, Yasser. Thanks to your post I was able to remove the winupgro.exe. My antivirus, NOD32, as well as Windows Defender got their arses kicked by it. Luckily my PC is now clean.

Comment on True_Love.exe by Zac

Zac — Fri, 23 Oct 2009 03:06:48 +0000

Avast can detect and remove TRUE_LOVE.EXE. But the thing is it wont automatically detect unless you scan the folder that has the virus.

Comment on ogard.exe by CCCP

CCCP — Sun, 18 Oct 2009 21:40:09 +0000

Try to boot in safe mode then find it and try to delete or u can try vista cause im hearing ti doesnt work on vista

Comment on Classified.exe by Jefferson

Jefferson — Fri, 16 Oct 2009 04:45:28 +0000

How to remove this virus…

1. Boot in safe mode with command prompt. Do NOT boot on safe mode with networking. the virus will be active.
>to boot in safe mode>>>start your computer>> while restarting press F8>> then choose safe mode

2. Run regedit (Start >> Run >> cmd)
3. Delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”WinSys” = “%Windir%\system.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”LSAShell” = “%Windir%\lsass.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SessionMngr” = “C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe \”C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe\”

4. Edit the following entries too:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”SuperHidden” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoFolderOptions” = “1″

Note: “0″ is to disable, “1″ is to enable.

Very Important Note:
Use Attribute Changer first to fix regular folders’ attribute BEFORE fixing the registry.
________________________________________

here’s my regentry for the above:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”SuperHidden” = “0″

________________________________________

5. Manually delete the following files
%System%\hlpsvc1.exe
%System%\hlpsvc2.exe
%SystemDrive%\Read1st!.exe
%SystemDrive%\goats.exe
%Windir%\Classified.exe
%Windir%\system.exe
%Windir%\lsass.exe
%Windir%\shutdown.dll
%UserProfile%\My Documents\Classified.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe
C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe

Also clear your startup folder

%Windir%\ is usually Windows (unless you specified a diff one upon OS installation)
%system% and %systemDrive%\ is the drive where your OS is (usually C: drive)

Comment on Classified.exe by kirby

kirby — Fri, 16 Oct 2009 03:16:34 +0000

how do i show all the folders????

Comment on Classified.exe by kirby

kirby — Fri, 16 Oct 2009 03:15:12 +0000

all my foldera are gone. there is no folder options. how do i get it back? pls help jeff

Comment on Classified.exe by kirby

kirby — Fri, 16 Oct 2009 00:11:49 +0000

thanks jeff!

Comment on Classified.exe by weirdzal

weirdzal — Thu, 15 Oct 2009 03:29:02 +0000

can i just copy the “Advanced” folder from another pc and paste it on the directory on my pc?

Comment on Classified.exe by weirdzal

weirdzal — Wed, 14 Oct 2009 01:49:06 +0000

Hi Jeff…what if in the part below where the “Advanced” folder is missing in my case…how do i go around with this?

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”Hidden” = “2?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\”HideFileExt” = “1?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “0?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”SuperHidden” = “1?

Thanks for all the help i could get =)

Comment on zxx by bgeo

bgeo — Mon, 12 Oct 2009 17:54:02 +0000

Just ran a scan with STOPzilla and removed 81 threats - however, there was one with a high threat quotiant, Zxx, which Stopzilla could not remove - what is it? how dangerous? I can’t find it in any component/program list - how do I get rid of it?

Comment on True_Love.exe by loganathan

loganathan — Sun, 04 Oct 2009 09:32:53 +0000

i have avast antivirus.but true love.exe virus cant able to remove by avast .its permanently in my pendrive. icant able to format my pen drive.

Comment on MarioForever.exe by cisso

cisso — Tue, 29 Sep 2009 18:19:06 +0000

je demande le jeu marioforever.zip 18 Mo
ou marioforever.exe 16 Mo

Comment on winupgro.exe by Alex

Alex — Sun, 27 Sep 2009 02:50:15 +0000

Thanks Yasser. Worked for me. Similar file I found was NtuneCmd.exe in Nvidia Ntune folder. Deleted both NtuneCmd.exe and winupgro.exe and their registry entries, and it worked.
Creating checksum lasted about 10 hours, so thanks
to Anish for his workaround tip too.

Comment on True_Love.exe by ragend

ragend — Fri, 25 Sep 2009 13:24:44 +0000

i have true-love.exe on my computer…………………

Comment on winupgro.exe by Anish

Anish — Wed, 23 Sep 2009 06:04:37 +0000

Thanks Yasser and everyone. Your tip was a great help.
My C drive contains huge amount of data and it took more than 3 hours to create checksum for half of the files in hard disk.
I tried a tricky workaround. It worked for me, I hope it might help u guys too.

I looked at the property of [%appdata%\drivers\winupgro.exe] which were following
size:=856064B date:=5/6/2006

I did a search of this specific file using windows search including hidden files.
To my surprise I got the other file withing minutes.
In my case it was [%appdata%\..\Local\Google\Update\GoogleUpdate.exe] which got overwritten.
“GoogleUpdate.exe” uses windows scheduler and calls itself pretty often like when system is idel or when it restarts…

Also one another observation:
Look at these place where the winupgro.exe points to.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
the hidden overwritten exe might be one of the exe listed in these locations.

Regards
Anish

Comment on Data Administrator.exe by ashkan

ashkan — Mon, 21 Sep 2009 03:08:40 +0000

anti adminstrator.exe

Comment on True_Love.exe by Dinesh Babu

Dinesh Babu — Fri, 18 Sep 2009 11:22:02 +0000

Easy Way To Remove True_love.exe is stop Msrun32 services by ending it in taskmanger and find msrun32 and remove the file .

at last delete true_love in drive. then virus problem will be over

Comment on My SeXy.exe by tj

tj — Fri, 18 Sep 2009 10:21:13 +0000

plz i have a problem wit this virus
i need a removal tool that can help me remove it frm my system.

Comment on Classified.exe by Roberto

Roberto — Fri, 18 Sep 2009 10:03:25 +0000

Thanks a lot jeff. It worked.

Comment on Classified.exe by Rem

Rem — Tue, 15 Sep 2009 02:06:45 +0000

thanks jeff !

Comment on ikowin32.exe by Andrew

Andrew — Mon, 14 Sep 2009 21:33:39 +0000

Jason you douche there are people in the world who speak other languages who may not know how to speak English perfectly.

Comment on winupgro.exe by Amundo

Amundo — Sat, 12 Sep 2009 10:01:53 +0000

Thanks to this forum and “ComboFix”, I was able to delete the infected files (unfortunately, I still have some suspicious entries in my registry). On my machine, this is what I found: it behaves like a rootkit and hooks several important system processes. It keeps watch for AV products (including “ComboFix” - when downloading, rename it to something else, like “Combo-Fix”, else you’ll get “invalid Win32 application”) and will corrupt? or intercept? attempts at running them. It will then check your registry and find a program that starts when Windows starts - it will replace it with the Winupgro.exe, renamed as the applications original filename (in my case, I had KeePass password keeper in my startup - it was only by accident I was wondering why it was not autostarting anymore - it had the same icon as the infecting program!! - that’s why I noticed it!!!). So if you know what you’re doing, as has been mentioned previously, use MSCONFIG or AUTORUNS to see what gets executed at startup, and target these for the MD5 checksum, rather that checking the whole of the C: drive. (”ComboFix” does seem to work, though, I just lost track of all the things I did).

Comment on ProtectFile.vbs by Siddharth

Siddharth — Mon, 07 Sep 2009 06:05:15 +0000

When i tried the Move ON boot tool to rename first of all the it says New Name should contain a valid relative local file system path and if oi dont specify the path it says the source file doesnt exist.What to do please help

Comment on braviax.exe by ty

ty — Sat, 05 Sep 2009 19:57:49 +0000

to kill braviax.exe :

1-shut down internet.
2-open task manager
3-end braviax.exe and its creator sys32_nov.exe
4-than open windows/system32/
5-search find and delete with unlocker these found files sys32_nov.exe and braviax.exe in system32 folder..it means you survived braviax.exe))

Comment on Classified.exe by Mike

Mike — Sat, 05 Sep 2009 09:29:04 +0000

Oct 10 2007, 09:24 AM

Here’s a Tip on USB Devices on protecting them.. Hope you want this… Enjoy

1. Check first the Auto Insert Notification setttings. Set it to “prompt user…”.
2. Insert your USB device
3. Open “My Computer” after the USB loads
4. DON’T left-click, but right-click on the USB drive
5. Check: (very important)

if it displays:
QUOTE
Open
Explore
Search
Autoplay

then it’s safe.

if it displays:
QUOTE
Autoplay
Open
Explore
Search

or:
QUOTE
Auto
Autoplay
Open
Explore
Search

or:
QUOTE
0pen
Autoplay
Open
Explore
Search

or:
QUOTE
Open
Autoplay Folder Options. If Folder Options isn’t displayed, then proceed to step 7**
2. Go to the View tab, then enable “Show hidden files and folders”, and uncheck “Hide extensions for known file types” and “Hide protected operating files” (click yes on this part)
3. Apply and Ok
4. Click the address bar
5. Type the drive letter of your USB device (example - F:\)
6. Look for suspicious files… like EXE files that has the icon of a folder, and named after the folder it is in… or VBS files in the root folder… or krag.exe and other unnecessary executables, or the folder RECYCLER. Delete those.
7. Run Notepad
8. Go to File>Save As, go to any folder you want to save.
9. Name it as “autorun.inf”, then save.
10. Copy autorun.inf
11. Paste it on the root folder of the USB drive (example - F:\)
12.Confirm file overwrite.
13. Reconnect your USB device.
14. Finished. No more Autoplay.

**if there is no Folder Options, then it might have been disabled by the administrator, or your system also has already been infected.

===================================

Also dont Reboot PC (pressing restart button.) while your USB Device is inserted. it can corrupt data…

Comment on ikowin32.exe by Jason

Jason — Thu, 03 Sep 2009 23:49:39 +0000

“is still a threat?”

“just hide in usb and moved in my files in startup and avg catched”

“Should I must install an anti-spyware?”

WHAT ARE YOU TRYING TO SAY???

Before you expect someone to fix your issue, learn how to use proper grammar. It goes a long way in being able to understand what someone is trying to say, not to mention it’s just plain lazy and dumb.

Comment on winjpg.jpg by Aman

Aman — Thu, 03 Sep 2009 20:39:13 +0000

Dear
Ven i enter the system password at login it hangs for somtime then enter can u help me out.

Comment on winupgro.exe by francesco

francesco — Tue, 01 Sep 2009 07:56:52 +0000

Hi Yasser, i tried your procedure, it’ ok the OUT.txt file, i found the others files were the winupgro was hidden but the problem is that these file togheter with the winupgro.exe file are not deletable….when i try to delete thme i get the messase “access denied” disk could be full or write protected or the file is currently in use….and it’s true because the winupgro is running as virus gettin the 99% of the cpu resources!
How can i get out of this trick!??
thanks for your help!
francesco

Comment on winupgro.exe by Ozgur

Ozgur — Fri, 28 Aug 2009 23:45:15 +0000

It is working 100%. Thanks again.

Comment on True_Love.exe by Mohan.S

Mohan.S — Thu, 27 Aug 2009 12:36:07 +0000

I am alos effected that the same virus, so please help me.

Comment on vshost.exe by razvan

razvan — Thu, 27 Aug 2009 12:03:30 +0000

hi,guys i have a problem with vshost.exe…when i try to entire in D: partitio i receive a vshost message like zgb..please help me:((

Comment on FUvirus.exe by Sheena Shroff

Sheena Shroff — Wed, 26 Aug 2009 01:09:44 +0000

Hi there I got hit by the FU virus and I was wondering if ISRESET works with AVG. Please help all my important office files got hit.

Comment on rncsys32.exe by rqqt

rqqt — Mon, 24 Aug 2009 11:21:56 +0000

this malware can hijack server files … piggys back to your other network machines.

I has got infected by this pairup:
rncsys32.exe
kovin32.exe

Comment on ikowin32.exe by FND

FND — Sat, 22 Aug 2009 11:43:00 +0000

yes but if moved by usb and was deleted by the avg, is still a threat?
the program virus is not installed on my pc, just hide in usb and moved in my files in startup and avg catched
Should i must install an anti-spyware?

Comment on vshost.exe by mihai

mihai — Fri, 21 Aug 2009 14:00:55 +0000

Hi, my PC does the same thing. I saw that nobody answered at your post for a long time, why is site for anyway?

Comment on Classified.exe by Jeff

Jeff — Thu, 20 Aug 2009 17:43:11 +0000

Guys try this to remove Classified.exe worm

1. Download Hitman Pro 3.5 and run it to your computer
* This will remove threats in windows. Restart your computer

2. Download Kaspersk removal tool and run this in your computer.
* Run this tool after hitman. Remove all the threats that were found

3. Open regedit and do the following
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\A
dvanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “1″

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”Hidden” = “2″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\”HideFileExt” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “0″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”SuperHidden” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\”NoFolderOptions” = “1″

4. Show all the folders. Open run command and type this to the terminal:

attrib -h -s /s /d

*At this point the folders were back and your computer is now free from Classified.exe

5. Rescan again just to make sure your computer is safe from any threats

Comment on Classified.exe by noelskie

noelskie — Mon, 17 Aug 2009 06:52:47 +0000

I may say, once your pc is infected with this worm, it disable or blocked your antivirus, making it useless…It replace folders with an application with the same name and icon…original folders are set by this wom as super hidden so it appears to be deleted though it is really not.

My solution scan your infected hardrive to another pc with a removal tool…i have use an updated removal tool from kaspersky and it works… here’s the links:
Download 1 (http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/)
Download 2 (http://downloads2.kaspersky-labs.com/devbuilds/AVPTool/)
Download 3 (http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/)
install this on a clean virus free pc then scan your infected hard drive or usb…It will detect and delete the worms…

As to restore the hidden folders, you have to set folder options to show all files and uncheck the hide protected operating system…to be able to view the hidden folders…then you may manually change its folelder attributes by right click the properties… or you may download a software called Attribute Manager 2.6 to ease the work of setting attributes…

Be sure to reset folder options for protections…when done…you may rescan to be sure worms are gone…then test the hard drive on your pc…

Its kinda long process but it works for me…

Hope It helps…God Bless!!!

Comment on winupgro.exe by Ozgur

Ozgur — Sun, 16 Aug 2009 12:58:35 +0000

Or you can try the easy duplicate finder to find the duplicate. The program has a min. and max. file size to search. If you make it look between 820-840 kbs it would find the trojan. Then clean the registry and uninstall the affected program as Yasser says. For me it was the AI Roboform.
One more thing , I have security task manager and it shows the icons for programs working in the background. Roboform is a program working in the background and its icon was the same as winupgro’s. Maybe that can also help.

Thanks for the solution. I will check my system and will post here if this alternative way works 100%.

Comment on vshost.exe by zgb

zgb — Wed, 12 Aug 2009 07:46:07 +0000

My avast cannot delete this “vshost.exe”,even if i choose to delete that file it is still on … and i got 1 more problem..that svhost.exe won’t let me see files on my HDD. When I try to open C:/ message is : “Windows cannot find ‘vshost.exe’. Make sure you typed the name correctly, and try again. To search for a file, click the Start button, and then click Search.” Pls any help or i need to format my HDD?

Comment on Classified.exe by Fernando

Fernando — Tue, 11 Aug 2009 21:13:27 +0000

“try downloading usb disk security…

then make your HD as a flash disk by using a IDE/SATA USB cable to scan it in another computer with the disk security…

that would work i already tried it…”

Nah..It won’t!

Comment on True_Love.exe by ian

ian — Tue, 11 Aug 2009 06:02:30 +0000

my laptop is insfected my classified.exe then i tried to delete using task manager, later on my whole screen invert… what should i do?please help!…

Comment on True_Love.exe by webmaster

webmaster — Sat, 08 Aug 2009 10:28:51 +0000

If it is on memory stick you can use Flash Disinfector.
http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

Comment on FUvirus.exe by jaymark

jaymark — Wed, 05 Aug 2009 03:13:53 +0000

..uhmmmmmm

..webmaster

..are you sure it can delete the FUvirus

..bcoz my pc is very affected by that virus

..i hope that this Malwarebytes’ Anti-Malware

..is working tnx

Comment on True_Love.exe by mani

mani — Mon, 03 Aug 2009 08:19:54 +0000

i also have the same…
true_love.exe virus
in my memory stick

help me how to remove…

Comment on Classified.exe by Rodel

Rodel — Wed, 29 Jul 2009 14:07:49 +0000

try downloading usb disk security…

then make your HD as a flash disk by using a IDE/SATA USB cable to scan it in another computer with the disk security…

that would work i already tried it…

Comment on True_Love.exe by mamun reza

mamun reza — Wed, 29 Jul 2009 08:12:40 +0000

i have two viruses
true_love.exe

in my pen drive and computer if delete after close and open they are reappeared

help me to remove viruses
i cant open my taskmanager

Comment on Patah Hati.doc .exe by ratheesh

ratheesh — Wed, 29 Jul 2009 07:17:28 +0000

i want removal tool of pathahati.doc

Comment on Classified.exe by hahabelat

hahabelat — Sun, 26 Jul 2009 13:12:15 +0000

i had the same problem too.. my first anti virus was avira.. and also i have malwarebytes.. but it only inactivate my antivirus. then i tried to download kaspersky but it can’t delete the classified.exe.. this folder is locked.. and all the sites of antivirus, malware, spyware and others are also blocked.

Comment on solution.vbs by Ody

Ody — Sat, 25 Jul 2009 08:56:35 +0000

My AVG alerted me that solution.vbs in my usb was potentially harmful. So I moved the file in to the vault.

Now whenever I try to access my usb, the Windows Script Host buble says “Can not find script file “G:\solution.vbs”.

What does this mean and how can I access my USB again?

Comment on chrome.exe by abrar

abrar — Wed, 22 Jul 2009 07:08:25 +0000

i hve got a virus with .exe extensions it creates a folder.exe folder in every pre-existing folder.please advice what to do

Comment on rncsys32.exe by fernanda

fernanda — Wed, 22 Jul 2009 05:23:43 +0000

It happened to me. The site of a client started to going wrong, showing blank pages. When I was searching the code, I saw that it had been mysteriously added a that directs to a site called “q1n.in” in all of my index and default pages. I contacted my host’s support and they said I was hacked. Not understand, because the files were all on the server and the password remains the same. Turning the antivirus on my machine I saw that I was more a victim of this trojan …

Comment on PAV.exe by KeV

KeV — Mon, 20 Jul 2009 22:27:00 +0000

I have a variant on my mates system in a PersonalAV folder and no winexplorer.dll and so I’m not sure if it will still operate quietly. Also, Does it need javascript, activex or something to install as prevention is better than a cure?

Comment on True_Love.exe by anand

anand — Sun, 19 Jul 2009 05:53:08 +0000

hi i also have same virues true love on my pendrive please help me how to remove this. the PC is getting stuck once i plug this in.

Comment on wiawow32.sys by Kimi

Kimi — Sat, 18 Jul 2009 19:22:43 +0000

I have the same problem. But currently I created a new admin account on my computer, and it seems to not be affected yet, so I’m able to get online and do many things that the other computer account can’t. I’m using Avast! (the free version) antivirus software, I did a thorough scan, and it came acrossed this virus. It moved it to the chest. Is that going to be sufficient enough or should it be deleted?

Comment on Classified.exe by Elis

Elis — Sat, 18 Jul 2009 06:58:53 +0000

i had tested out almost all of the known antivirus to remove the virus but they doesn’t solve the removal of the classified.exe.

any help will be much appreciated

Comment on wiawow32.sys by Jeffrey

Jeffrey — Thu, 16 Jul 2009 05:07:42 +0000

oh and by the way, that last post and this post are coming from a different computer. I cant open up IE explorer or Firefox on the other computer.

Comment on wiawow32.sys by Jeffrey

Jeffrey — Thu, 16 Jul 2009 05:06:03 +0000

Hey help me out…I have this virus and I can’t open any programs, but I can open up folders and whatnot (My Computer, Recycle Bin, etc.)

Comment on regsvr.exe by chaitu

chaitu — Wed, 15 Jul 2009 11:58:06 +0000

sorry to tell you this pal
but the procedure u have explained might not work on all systems affected by this virus as regsvr.exe will disable the registry also. so you cannot remove it from registry.. and also once u open the autorun.inf file and try to save it back again it will accept any changes….

Comment on rncsys32.exe by Chris

Chris — Tue, 14 Jul 2009 18:10:55 +0000

Found this on both computers in my house; probably transferred by a flash drive. Still not sure how it was conceived on the computers, but it was very frustrating. Re-routes all “Google” search results to a php error page.

Comment on USBCILLIN.EXE by nikhil

nikhil — Sat, 11 Jul 2009 14:40:01 +0000

plz help me to delet this virus usbcilin.exe

Comment on winifighter.exe by shamsul hoque

shamsul hoque — Fri, 10 Jul 2009 15:55:48 +0000

Its show me the on dialogbox “SSVICHOSST.exe” life not found ! when I start my computer . pls give me the proper helps .
thanks
shamsul hoque

Comment on SSVICHOSST.exe by shamsul hoque

shamsul hoque — Fri, 10 Jul 2009 15:44:51 +0000

When I starte my computer then it show the dialog box “SSVICHOSST.exe” not found . pls sussest me for remady.

Comment on winupgro.exe by John

John — Thu, 09 Jul 2009 07:41:01 +0000

Hi all, well it has been 12 hours now and I am still virus free.

The tt.bat did not work for me, I am using Vista ultimate 64 bit, I don’t know if that makes a difference, but I did not get an output file. but the file size search did the trick perfectly.

Many thanks again.

Comment on winupgro.exe by John

John — Wed, 08 Jul 2009 20:44:14 +0000

I followed Pascal method, after waiting for more than 2 hours fore the tt.bat to run, and searched in Vista for files equal to 832Kb and found ISUSPM.exe, it even had the same icon as the winupgro.exe file.
Searched the registry and deleted all reference to the file, one was in the startup section. I will post again if I am still clean tommorow.

A great help, and thanks to all the contributors.

Comment on True_Love.exe by bhoobalan

bhoobalan — Wed, 08 Jul 2009 14:35:28 +0000

i have two viruses
true_love.exe
Ms_run.exe
in my pen drive and computer if delete after close and open they are reappeared

help me to remove viruses
i cant open my taskmanager

Comment on regsvr.exe by rahul naik

rahul naik — Tue, 07 Jul 2009 07:41:53 +0000

my regsver.exe virus doesnt removed.

Comment on tazebama.exe by rajl

rajl — Sun, 05 Jul 2009 19:20:32 +0000

Excuse please I have a very big problem with tazebama.dl_ could you help me ?
please
answe me
to mine email :
vemberajil@yahoo.fr

Comment on sysguard.exe by jim

jim — Fri, 03 Jul 2009 16:53:59 +0000

Thanks for the info

Comment on winudpmgr.exe by webmaster

webmaster — Fri, 03 Jul 2009 11:05:26 +0000

Removing Malware

1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.

Comment on rncsys32.exe by bob

bob — Thu, 02 Jul 2009 23:42:19 +0000

This trojan steals ftp ids (stored where? filezilla maybe?) and inserts some iframe tags into whatever php files it can found, preferably index.php files.

Whenever this tag is read by a client, he is contaminated with rncsys32.exe (if lack of protection).

Comment on ogard.exe by Wajeb

Wajeb — Tue, 30 Jun 2009 18:53:25 +0000

true, I have 3 malware, and anti spy, and AVG, none detected it except AVG but only acusing none are deleting it… :S… WTF?

Comment on PAV.exe by LAW223

LAW223 — Tue, 30 Jun 2009 15:02:37 +0000

Thank you LiLi.. Killbox.net was the answer to my prayers here at the office. Got rid of PAV virus in a zap!

Comment on rncsys32.exe by lek

lek — Mon, 29 Jun 2009 15:43:55 +0000

I just got this virus in my computer.
Fortunately, my antivirus can delete it!

PS: I found this virus in my startup.

Comment on MsRun32.exe by malar

malar — Sun, 28 Jun 2009 06:10:18 +0000

In my pc a new virus entered and in process showing MsRun32.exe.
please instruct me how to remove completely.
thanks

Comment on PAV.exe by LiLi

LiLi — Thu, 25 Jun 2009 04:39:29 +0000

KILLBOX.net! enter a search for PAV and it kills it dead!

Comment on PAV.exe by Julie

Julie — Mon, 22 Jun 2009 17:44:07 +0000

What if the virus has now locked me out of the internet? I can’t get to the Microsoft website to follow the steps.

Comment on rncsys32.exe by dc

dc — Mon, 15 Jun 2009 05:42:41 +0000

think this is pretty new. detected slight increase in network traffic activity.

sits in start up folder, no other source exes or files it links to/references found on the pc (so far..)

anyone has more details abt it’s origins/what it is related to, what it might do etc?

- dc

Comment on tazebama.dll by Vod

Vod — Thu, 11 Jun 2009 13:44:59 +0000

Try Nod32 anti virus, hope it will fix your problem

Comment on Ramal Jodoh.pif by NOVRIALTANJUNG

NOVRIALTANJUNG — Thu, 11 Jun 2009 06:18:19 +0000

ramalkan saya dan pasangan saya

Comment on Ramal Jodoh.pif by NOVRIALTANJUNG

NOVRIALTANJUNG — Thu, 11 Jun 2009 06:01:23 +0000

tgl lahir 13-11-1985
pasangan
nama: erna dewi puspita saputri
tgl lahir 28-08-1988

Comment on PAV.exe by Tim

Tim — Tue, 09 Jun 2009 13:22:55 +0000

For step 6 run “Autoruns” as administrator by right clicking it and it will let you delete

Comment on ProtectFile.vbs by srichandar

srichandar — Sat, 06 Jun 2009 10:55:43 +0000

go to task manager kill the processes explorer and wscript.exe(if available)
now go to applications tab and press new task
enter cmd in the cmd go to the drive c:\
enter del /f/q/a protectfile.vbs
and del /f/q/a autorun.inf
and now go to c:\windows\system32
and enter del /f/q/a secureguard.vbs
now u have deleted all the infected files in ur system
and now goto
regedit and search for protectfile.vbs and delete all the files with this name
and again search for the secureguard.vbs
and u have to modify it as in the path del only”c:\windows\system32\secureguard.vbs… and let the other part of the path be there alive..
and restart ur system
thats all u r done…!!!!!!!!
Source(s):
self, i tried it when it occurred in my system

Comment on PAV.exe by Jim

Jim — Sat, 06 Jun 2009 00:45:19 +0000

Excellent right on the money got rid of that stupid thing easily. thanks

Comment on PAV.exe by Joe-Tech

Joe-Tech — Wed, 03 Jun 2009 20:32:07 +0000

@Keith Schmidt: Un-register the .DLL (”Step 5.995″) file prior to deleting it.

hxxp://www.xp-vista.com/other/how-to-unregister-dll-files

Comment on PAV.exe by Keith Schmidt

Keith Schmidt — Sat, 30 May 2009 18:48:39 +0000

I get to step six and it doesnt let me, it says access is denied. How can i get past this?

Comment on FUvirus.exe by Nintendo.com

Nintendo.com — Sat, 30 May 2009 15:54:08 +0000

i have ClamWin

Comment on FUvirus.exe by Nintendo.com

Nintendo.com — Sat, 30 May 2009 15:52:51 +0000

i know

Comment on MarioForever.exe by Roy

Roy — Sat, 30 May 2009 15:50:16 +0000

Sorry napnap i was not looking

Comment on MarioForever.exe by Roy

Roy — Sat, 30 May 2009 15:48:49 +0000

Look, Type Carefully [EXAMPLE]You called Mario Forever.exe marioforeever.exe

Comment on MarioForever.exe by Roy

Roy — Sat, 30 May 2009 15:42:36 +0000

I’m Replying to mukti ranjan senapaty:
Look, Type Carefully +
You called Mario Forever.exe marioforeever.exe What are you Chinese?
I’m Replying to napnap:
Look, Type Carefully +
You called Mario Forever.exe marioforeever.exe What are you Chinese?

Comment on MarioForever.exe by Roy

Roy — Sat, 30 May 2009 15:38:48 +0000

From Softendo (NINTENDO FANGAMES)

Comment on MarioForever.exe by Roy

Roy — Thu, 28 May 2009 17:46:31 +0000

i have Super Mario 3: Mario Forever

Comment on FUvirus.exe by bonsainess.com

bonsainess.com — Wed, 27 May 2009 18:45:04 +0000

Hello…. im new here… try downloading the latest bit defender Total Security. Works very fine and removes all malwares and viruses. works like more better than malwareProtection…..

my only problem is like with lupin, my files where gone and i followed ADDIN’s instruction with the show folder factor….

im sorry i just dont understand the “highlight all folders, and drop to isreset
press reset, and that should do it ”

please guide….. i dont get the highlight thing….
please guide in step by step…thank you very much….