Free Spyware Adware Worm and Virus Trojan Horse Download Removal Tools » Virus

PeakProtection2010 Adware Windows 2003/XP/2000/NT/ME/98/95

admin — Sun, 04 Dec 2011 21:35:22 +0000

Brief Description

PeakProtection2010is spyware and adware program which lets the end PC users know of the latest spyware and virus threats in their PC’ computers, much like spybot, AVG, melwarebytes and so on.PeakProtection2010 can reach the computer when the user accesses certain websites which can display banner ads and pop ups and what have you which can lead to the download of this program. It can also be reached via email spam, email link and so forth.

Visible Symptoms

PeakProtection2010is pretty simple to recognize.

When the app runs in windows, it will display the installer like the one below.
Once installed, the computer is restarted and the following screen is displayed where only one option can be selected:
When users click on this button, it stats scanning the system and once ended, it shows the results with the infected and restored files:

BackDoor-EVC!8F7F8F47013F Network Trojan and how to remove

admin — Fri, 30 Sep 2011 04:39:12 +0000

This backdoor Trojan infects files, registry, and network communication.

The following registry elements have been created:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\INPROCSERVER32\

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BF50AC63-19DA-487E-AD4A-0B452D823B59}\

This virus can be removed with microsoft security essentials. If your PC gets locked you are getting a black screen, you might want to run scan in safe mode.

Other names to reffer to.

Windows 7 black screen ram shortage infection % of my ram wasn’t functioning properly

admin — Fri, 30 Sep 2011 04:29:22 +0000

If your windows 7 screen turns black and you get an error stating something along the lines of ram shortage infection or a given % value was not functioning properly, here is what you do:

download unhide.exe and TDssKiller
Run TDSSKiller and it will locate your infection. It will ask you to remoev the infection ans simply say yes. IF all goes well and your PC is clean, it will ask to reboot your windows 7. Please do so.

It will most likely find: TrojanDownloader.OpenStream.NBF trojan

If this does not work for you, download the latest malwarebytes and update and scan.

Trojan.win32.Generic.pak!cobra.Engine

admin — Mon, 27 Jun 2011 19:22:56 +0000

This virus might be a google redirect trojan and it is not easy to clean, however, these are the first steps to take in trying to delete this nasty win32 virus.

go to start menu, then run, now type in MSCONFIG, go to startup tab and look for a long string of command that has random letters and sometimes numbers, disable that line and save.

Download Malwarebytes, update malwarebytes then do a full system scan. if any virus is found, it will delete it.

Now download spybot, do an update and a full scan, delete any melware or spyware it finds.

You surly must have a virus protection software, if not, download Microsoft Security Essentials, its free, update the app then a full scan.

These steps above should fix and delete the Trojan.win32.Generic.pak!cobra.Engine virus

Here are other virus trojans that are smiler to the one above and can be cleaned the same way.

Trojan.Win32.Generic!BT: Trojan
Trojan-Spy.Win32.Zbot.gen: Trojan
Exploit.PDF-JS.Gen (v): Exploit
Trojan.Win32.Generic!SB.0: Trojan
INF.Autorun (v): Trojan
Trojan.Win32.Hiloti.gen.d (v): Trojan
Trojan.Win32.Generic.pak!cobra: Trojan
Trojan.Win32.Adware: Adware (General)
MyWebSearch Toolbar: Potentially Unwanted Program
Trojan.Win32.Malware: Trojan

Virus PWS-Zbot.gen.gi!E69284FFC72E

admin — Mon, 20 Jun 2011 19:02:41 +0000

Other Company Detection Aliases

Company Names	Detection Names
AVG (GriSoft)	Generic23.CWM
avira	TR/FakeSysdef.A.1499
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Kazy.26475
FortiNet	W32/Krap.AON!tr
Symantec	Trojan.Fakeav
Eset	Win32/Kryptik.OYP
Sophos	Mal/FakeAV-IK

Attempts to connect to a high risk domain that may pose a security risk. It also creates one or more shortcuts .LNK files to provide user accessible links to start a program usually form the desktop or start menu.

The following registry elements have been changed:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944

The applications attempted the following network connection(s):

188.229.88.***:80

46.161.11.***:80

hxxp://searcham.org/*****

To remove this virus,

1.Disable System Restore Windows ME XP only.

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and INI files for the purposes of hooking system startup, will be removed if cleaning with the recommended engine and DAT combination or higher.

Virus Profile: BackDoor-CEP.gen how to clean

admin — Fri, 20 May 2011 06:16:16 +0000

Virus Profile: BackDoor-CEP.gen.cq!CF151229CE1E

avast Win32:Caxnet [Trj]
AVG (GriSoft) Rootkit-Pakes.BG (Trojan horse)
avira TR/Koutodoor.psa
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Koutodoor.18
clamav Trojan.Dropper-27717
Dr.Web Trojan.MulDrop.origin
F-Prot W32/Koutodoor.N.gen!Eldorado
FortiNet W32/Koutodoor.KWD!tr.bdr
Microsoft Trojan:Win32/Koutodoor.E
Symantec Trojan.Koutodoor
Eset Win32/Koutodoor.HM trojan (variant)
norman W32/Suspicious_Gen2.LZIQS (trojan)
panda Trj/Genetic.gen
rising Trojan.Win32.Generic.1282E422
Sophos Troj/Kouto-D
Trend Micro TROJ_DLOADR.SMOM
vba32 Trojan.Downloader.gen.h (suspected)

The following files have been added to the system:
%WINDIR%\SYSTEM32\szccw.dll
%TEMP%\nsd12.tmp
%PROGRAMFILES%\Microsoft\ie13\Internat Explorer\target.lnk
%ALLUSERSPROFILE%\Desktop\Internat Explorer.jgp
%WINDIR%\SYSTEM32\drivers\fmsde.sys
%PROGRAMFILES%\Microsoft\ie13\Internat Explorer\Desktop.ini
The following files were temporarily written to disk then later removed:
%TEMP%\hmufctw.bat
%TEMP%\nsq13.tmp
%TEMP%\ygnpyvce.bat
%TEMP%\nsi11.tmp
%WINDIR%\SYSTEM32\mhzscp.bat
%TEMP%\faxjdr.exe
%TEMP%\tmp.bat
%TEMP%\yxcdiz.exe
%TEMP%\nsq13.tmp\System.dll
%TEMP%\wcyolgo.bat
%TEMP%\ftrnkqxw.bat

This is a Trojan detection Unlike viruses Trojans do not self replicate they are spread manually under the premise that they are beneficial. The most common installation methods involve system security exploitation unsuspecting users manually executing unknown programs. Distribution channels include email malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks and what have you.

Generic Trojan BackDoor!cyh!E437DACFF88B Virus Threat Removal

admin — Wed, 09 Mar 2011 05:22:04 +0000

ystem Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following registry elements have been created:

HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\

HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\29AEB4A0365755F6-B862CAE984EA4D0E\

HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\29AEB4A0365755F6-B862CAE984EA4D0E\02F01F553A112DCE-00C9DB38C18D5FD1\

HKEY_CURRENT_USER\SOFTWARE\ENIGMADEVELOPERS\

The following files have been added to the system:

* %WINDIR%\SYSTEM32\svhest.dll

* %WINDIR%\SYSTEM32\svhest.exe

To remove Generic Trojan BackDoor!cyh!E437DACFF88B Virus

Download Malwarebytes’ Anti-Malware if you do now have this free software, from here and save it to your computer.

Double click mbam-setup.exe and install
At the end of the installation be sure a checkmark
- Update Malwarebytes’ Anti-Malware
- and Launch Malwarebytes’ Anti-Malware
- do a full scan and allow your computer to fix your virus.

Win32/Olmarik trojan virus removal

admin — Thu, 24 Feb 2011 22:34:02 +0000

To clean this nasty Win32/Olmariktrojan horse virus,

Open RootRepeal, click the Drivers tab and select Scan. Right click and select Wipe File on:

H8SRTmeyqxwbpxd.sys

Click the Files tab and select Scan. Right click and select Wipe File on any file that begins with the following:

H8SRT

Do the same for the Hidden Services tab.

Reboot your machine

Then let’s run RootRepeal again:

Double click ROOTREPEAL to start the program
Click on the Report tab at the bottom of the program window
Click the SCAN button
In the Select Scan dialog, check:
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan

Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the SAVE REPORT button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

Downloader-CEW.q!D1137DCFCEBA Trojan how to remove

admin — Wed, 02 Feb 2011 21:36:28 +0000

Company Names	Detection Names
Kaspersky	HEUR:Trojan.Win32.Generic
Dr.Web	Trojan.DownLoader1.60944
F-Prot	W32/FakeAlert.IV.gen!Eldorado
Microsoft	TrojanDownloader:Win32/Renos.LX
Eset	Win32/Kryptik.KDM trojan (variant)
norman	W32/Obfuscated.M
panda	Suspicious
Sophos	Mal/FakeAV-CX
V-Buster	Trojan.Codecpack.Gen.13 (mutant)
Vet (Computer Associates)	Win32/Renos.D!generic

1.Disable System Restore windows XP only, Win 7 will not work.

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan using AGG or Microsoft security or Kaspersky

Modifications made to the system Registry files for the purposes of hooking system startup will be removed if cleaning with the recommended engine and DAT combination.

How to remove Trojan.Zlob.P virus trojan

admin — Tue, 25 Jan 2011 00:06:19 +0000

Temporarily Disable System Restore then update the virus definitions on your virus program then Reboot computer in SafeMode, then delete the IE temp files some Trojan.Zlob.P temp file exisit in that folder as well, you can wither search for the temp files or manually delete them.
You may now download Malwarebytes from Here or Here

Update the definition and scan your computer, it will find any traces of Trojan.Zlob.P now delete and you should be good to go.

W32/RAHack!DD10EDBD5690 Virus Removal

admin — Fri, 14 Jan 2011 20:43:40 +0000

Other Common Aliases

Company Names	Detection Names
avast	Win32:Allaple [Wrm]
AVG (GriSoft)	Worm/Allaple.B
avira	WORM/Allaple.Gen
Kaspersky	Net-Worm.Win32.Allaple.b
BitDefender	Win32.Worm.Allaple.Gen
clamav	Worm.Allaple-255
Dr.Web	Trojan.Starman
F-Prot	W32/RAHack.A.gen!Eldorado
FortiNet	W32/Allaple.gen!tr
Microsoft	worm:win32/allaple.a
Symantec	W32.Rahack.W
Eset	Win32/Kryptik.AJD trojan (variant)
norman	Allaple.gen (trojan)
panda	W32/Rahack.gen.worm
rising	Worm.Win32.Allaple.a
Sophos	W32/Allaple-F
Trend Micro	WORM_ALLAPLE.IK
vba32	OScope.Malware-Cryptor.Win32.Allaple
V-Buster	Error
Vet (Computer Associates)	Win32/Mallar.Y

The following files were analyzed:

urdvxc.exe
The following files have been added to the system:

* %COMMONPROGRAMFILES%\microsoft shared\stationery\bzqlkhrh.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\vkjljzrn.exe

* %COMMONPROGRAMFILES%\microsoft shared\web server extensions\40\bin\1033\ebsjlbhn.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\bhrhnkht.exe

* %PROGRAMFILES%\Adobe\Reader 9.0\rrtkrbtl.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\elwtjnbj.exe

* %TEMP%\0A5A6FE619B07BBAFB1F9C1B5F798F7DF96745D9

* %COMMONPROGRAMFILES%\microsoft shared\stationery\bnbtzwxt.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\bcwvzwbh.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\ehbebsrn.exe

* %PROGRAMFILES%\msn\msncorefiles\tlbhnrlv.exe

* %PROGRAMFILES%\Microsoft Office\OFFICE11\rsrrhtck.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\nsqjttkv.exe

* %PROGRAMFILES%\netmeeting\rsewzjqn.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\qjllsjhl.exe

* %COMMONPROGRAMFILES%\system\ado\tsektjkj.exe

* %COMMONPROGRAMFILES%\microsoft shared\web server extensions\40\bin\brbvhsvx.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\brvrjrke.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\njbsvtll.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\tlcwjrwt.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\czjevcet.exe

* %COMMONPROGRAMFILES%\microsoft shared\stationery\xrljqjzn.exe

* %COMMONPROGRAMFILES%\microsoft shared\web server extensions\40\bin\tjnwrhns.exe

How to remove this virus.

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

W32/HLLP.Philis.ki!DD08745D1471 Virus Removal

admin — Fri, 14 Jan 2011 20:33:58 +0000

This symptoms of this W32/HLLP.Philis.ki detection are the registry and network communication.

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

The following files have been changed:

c:\Users exe File.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe

c:\Users exe File.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\AcroRd32.exe

%PROGRAMFILES%\msn\msncorefiles\copymar.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\Eula.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\Reader_sl.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

%PROGRAMFILES%\msn\msncorefiles\dw.exe

%PROGRAMFILES%\Microsoft Office\OFFICE11\EXCEL.EXE

%PROGRAMFILES%\msn\msncorefiles\setup\msnunin.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\LogTransport2.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\AcroBroker.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim.exe

%PROGRAMFILES%\msn\msncorefiles\update.exe

%PROGRAMFILES%\msn\msncorefiles\msn6.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-[private subnet]-A92000000001}\Setup.exe

c:\Users exe File.exe

%PROGRAMFILES%\Adobe\Reader 9.0\Reader\A3DUtility.exe

%PROGRAMFILES%\winrar\winrar.exe

%PROGRAMFILES%\Microsoft Office\OFFICE11\WINWORD.EXE

The following files were temporarily written to disk then later removed:

%TEMP%\$$a5.bat

%TEMP%\049E09EA0D36D974DB4B1DF0A56D2AC2E1507FAF

The following registry elements have been created:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\DOWNLOADMANAGER\

HKEY_LOCAL_MACHINE\SOFTWARE\SOFT\

HKEY_LOCAL_MACHINE\SOFTWARE\SOFT\DOWNLOADWWW\

The following registry elements have been changed:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\LOAD = %WINDIR%\rundl132.exe

HKEY_LOCAL_MACHINE\SOFTWARE\SOFT\DOWNLOADWWW\AUTO = 49

The applications attempted the following network connection(s):

hxxp://www.17aa.com/ic4/*****

222.186.12.**:80

W32/RAHack Worm/Allaple.A Virus Removal

admin — Fri, 17 Dec 2010 00:45:56 +0000

Other Common Detection Aliases

Company Names	Detection Names
AVG (GriSoft)	Worm/Allaple.A
Microsoft	worm:win32/allaple.a
Symantec	W32.Rahack.W
norman	Allaple.gen
panda	W32/Rahack.gen

some of the path values that have been replaced with environment variables as the location may vary with different configurations for example.

%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following files were scanned:

urdvxc.exe

REMOVAL

Although this is a low threat virus, the removal of W32/RAHack Worm/Allaple.A Virus can be a pest but i have found that COMBFIX will remove this threat from your PC. Simply download CombFix by clicking here, save it to your desktop, double click and and press next a few times and let the program scan your PC and clean it. Very simple really, might take some time and make sure you close all browsers and applications before you run CombFix.

Or you may just use MelwareBytes to remove the W32/RAHack virus. I would scan with both apps just to make sure. Good luck

W32/Autorun.worm.zf.gen!F342CDD8894F Virus

admin — Wed, 27 Oct 2010 18:14:26 +0000

Viruses are self replicating which are often spread by a network or by transmission to a removable medium e.g writable CD, or USB drive. Viruses may also spread by infecting files on a network system or a file system that is shared by another users computer.

Company Names	Detection Names
AVG (GriSoft)	Packed.AutoIt
Kaspersky	Worm.Win32.Autoit.xl
BitDefender	Backdoor.Generic.434041
ClamAV	Trojan.Autoit-70
Dr.Web	Win32.HLLW.Autoruner.based
F-Prot	W32/AutoIt.M.gen!Eldorado
FortiNet	W32/AutoIt.A!worm
Microsoft	Worm:Win32/Autorun.XK
Symantec	W32.Harakit
Eset	Win32/Packed.Autoit.B.Gen (application)
Norman	Suspicious_Gen2.BFSNZ (trojan)
Panda	Trj/CI.A
Rising	Trojan.Win32.Generic.520A2FD6
Sophos	Sus/Tiotua-A (suspicious)
Trend Micro	TROJ_GEN.R99C1HD
Vba32	Trojan.Autoit.F
V-Buster	Trojan.Autoit.Gen!Pac

The applications attempted the following network connections.

77.55.21.***:80
95.211.21.***:82
95.211.21.***:80
72.233.89.***:80
hxxp://95.211.21.184:89/*****
194.71.107.**:80
95.211.21.***:89
209.190.24.**:80
95.211.21.***:85

Skintrim.gen.k!72FD33EC8D39 Trojan Horse Virus

admin — Wed, 27 Oct 2010 18:03:05 +0000

This is a Trojan Horse which most might think its a virus, unlike viruses Trojanhorses do not self replicate but rather are spread manually often under the premise that they are beneficial . The most common installation methods involve system or security exploitation and unsuspecting one can manually executing unknown programs. The way these Trojans are spread is via e-mail, Web pages, Internet Relay Chat, peer-to-peer networks and so on.

Indication of Infection

This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

TSPY_AGENT.WWCJ Virus Worm

admin — Tue, 20 Jul 2010 18:26:19 +0000

potential for damage, information stealing, or both, that it possesses. Specifically, it is capable of monitoring affected users browsing habits to steal sensitive information.

This spy software can be downloaded from certain remote sites.

Check if the following applications are installed on the affected system to steal login credentials:

* Ftpcommander
* SmartFTP
* Steam (an online gaming platform)

It also oversees the relevant users’ browsing habits to steal sensitive information.

Save the information gathered in a text file using the file name () Name of the team. Txt and upload to a specific Web site.

How to remove BackDoor.SmallX.VX virus trojan

admin — Tue, 13 Jul 2010 20:02:33 +0000

Backdoor.smallX.VX is a nasty virus that enters the PC adn opens system back doors in Windows XP and Vista and could enter windows 7, once in your computer, the virus starts to download countless packed malware threats and gives distant hackers access to the infected machine via open ports.

Stopzilla says to use their app to remove this threat, but you can simply use http://www.malwarebytes.org to remove this threat. Make sure you first download this app, update it, disconnect your PC from the internet, then run malwarebytes.

How to remove Trojan Horse Generic.17 16 15 14.DYJ

admin — Mon, 10 May 2010 18:17:39 +0000

If you have gotten a virus in your PC called Trojan Horse Generic with a number next to it such as .17 or 16 or 15 or 14, this simply means you have downloaded an illegal software from a torrent. The risk level of this virus is not that great but still needs to be removed asap.

Trojan horse Generic 14.DYJ is a detection for a trojan that applies a Rootkit technology to remain itself hidden from system so as to avoid being detected by antivirus application. Trojan horse Generic 14.DYJ can hook itself into Windows registry and create a backdoor to allow a remote attacker gain full access on victims computer.

Damage Level: Medium

Systems Affected: Windows XP, Vista, 7

To remove this virus, you will need to download Rkill

Downloads:
Download from BleepingComputer.com – 257kb

After you have finished with Rkill, do not reboot your PC, make sure you also have MalwareBytes installed on your PC, you will need to run this next.

Click here to download MalwareBytes

Now run Malwarebytes and this should fix your virus. You may run quick scan, and make sure you update malwarebytes before you scan and clean. Good luck

SONAR.ProcessHijack.2 Trojan Virus

admin — Wed, 05 May 2010 09:34:27 +0000

Discovered: May 4, 2010

Updated: May 4, 2010 10:56:26 PM

Type: Trojan, Virus

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

SONAR.ProcessHijack.2 is a heuristic detection that is designed to detect new malware based on how it launches new processes. Malware will commonly launch and hijack trusted Windows processes like svchost.exe in order to perform malicious actions.

Antivirus Protection Dates

Initial Rapid Release version pending
Latest Rapid Release version pending
Initial Daily Certified version pending
Latest Daily Certified version May 4, 2010 revision 048
Initial Weekly Certified release date pending

Threat Assessment

Wild

Wild Level: Low
Number of Infections: 0 – 49
Number of Sites: 0 – 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage

Damage Level: Low

Distribution

Distribution Level: Low

Free Spyware Adware Worm and Virus Trojan Horse Download Removal Tools » Virus

PeakProtection2010 Adware Windows 2003/XP/2000/NT/ME/98/95

Brief Description

Visible Symptoms

BackDoor-EVC!8F7F8F47​013F Network Trojan and how to remove

Windows 7 black screen ram shortage infection % of my ram wasn’t functioning properly

Trojan.win32.Generic.pak!cobra.Engine

Virus PWS-Zbot.gen.gi!E69284FFC72E

Virus Profile: BackDoor-CEP.gen how to clean

Generic Trojan BackDoor!cyh!E437DACF​F88B Virus Threat Removal

Win32/Olmarik trojan virus removal

Downloader-CEW.q!D113​7DCFCEBA Trojan how to remove

How to remove Trojan.Zlob.P virus trojan

W32/RAHack!DD10EDBD56​90 Virus Removal

W32/HLLP.Philis.ki!DD​08745D1471 Virus Removal

W32/RAHack Worm/Allaple.A Virus Removal

W32/Autorun.worm.zf.gen!F342CDD8894F Virus

Skintrim.gen.k!72FD33EC8D39 Trojan Horse Virus

Indication of Infection

TSPY_AGENT.WWCJ Virus Worm

How to remove BackDoor.SmallX.VX virus trojan

How to remove Trojan Horse Generic.17 16 15 14.DYJ

SONAR.ProcessHijack.2 Trojan Virus

Antivirus Protection Dates

Threat Assessment

Wild

Damage

Distribution

BackDoor-EVC!8F7F8F47013F Network Trojan and how to remove

Generic Trojan BackDoor!cyh!E437DACFF88B Virus Threat Removal

Downloader-CEW.q!D1137DCFCEBA Trojan how to remove

W32/RAHack!DD10EDBD5690 Virus Removal

W32/HLLP.Philis.ki!DD08745D1471 Virus Removal