Comments for Malware Analysis and Removal

Comment on IMDCSC.EXE is Trojan CDur by NightWatcher

NightWatcher — Thu, 17 May 2012 02:45:33 +0000

Please visit our support center:
http://greatis.com/support
Attach your regrunlog.txt and we will help you.

Comment on IMDCSC.EXE is Trojan CDur by Zach

Zach — Wed, 16 May 2012 20:46:04 +0000

I had it on my computer, and as soon as I saw this I deleted it with this program.

Comment on FACEBOOKUPDATE.EXE – not a virus by Rob

Rob — Thu, 26 Apr 2012 01:00:34 +0000

It might not be a virus, but it sure as hell wasn’t something I chose to install. I don’t even have skype on this machine. Bye Bye…

Comment on SIAPORT.EXE is Trojan Kazy by THANKYOU

THANKYOU — Fri, 20 Apr 2012 22:18:18 +0000

OMG thank you so much my i7 was so slow the past days and kept having a pop up saying to allow the idiotic SiaPort.exe but with your help I successfully deleted it!

Comment on NVVSVC.EXE is trojan Sisron by NightWatcher

NightWatcher — Sun, 15 Apr 2012 04:41:31 +0000

VT info:
https://www.virustotal.com/file/3b9cdc2767b975ef0539bcd331e401e0894b96ecb7c6d5a7f65ebe2ac46b2503/analysis/

Comment on NVVSVC.EXE is trojan Sisron by John

John — Sun, 15 Apr 2012 02:04:27 +0000

NVVSVC is the NVidea graphics card, I am not so sure you would want to remove it ?

Comment on FACEBOOKUPDATE.EXE – not a virus by Sahimone

Sahimone — Tue, 10 Apr 2012 09:56:32 +0000

Bozo, what do I have to delete to get ride of all those crapware ?

I’lm really concern by the fact that FB is selling all our info. By the way the privacy terms in FB are getting crazy !

Hope you will help me.

Cheers; Sahimone

Comment on FACEBOOKUPDATE.EXE – not a virus by Bozo

Bozo — Wed, 04 Apr 2012 18:34:54 +0000

I believe it’s a vector. I’ve had multiple attacks since this loaded onto my rig without asking, including a complete takeover of my Facebook account by someone advertising shoes. Disable, or better yet, remove with CCleaner. When did Facebook ask for permission to install ANY programs on my computer? They are a website. Nothing more. And for those “hey, it’s free” people, no, it’s not. Facebook sells your life story for a buck – billions of them, actually, and needs to be more respectful of the souls they are exploiting.

Did I say respectful? I am a dreamer…

So far, after removing all background Facebook crapware, my connection has stopped logging on and off at random,and my Facebook account has not been spammed.

Comment on FACEBOOKUPDATE.EXE – not a virus by Ummm

Ummm — Fri, 30 Mar 2012 07:04:54 +0000

C:\Users\Rohan\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver

…is this what you mean though..? I don’t think anything that runs from ‘appdata\local” is meant to be on your startup list O.o
…I just have it disabled with ccleaner…it sounds too much like a virus .-.

Comment on FLINT4YTW.EXE is Locker Randsom by NightWatcher

NightWatcher — Mon, 19 Mar 2012 07:16:30 +0000

The desktop is clean!
Follow these steps to solve the problem:
1. Press “Win+R”, type “regedit” and press “Enter”.
2. Set in the Registry Editor key value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
equal to “0″
3. Reboot.

Comment on LOBOUYVVYW.EXE is Trojan Patched by NightWatcher

NightWatcher — Mon, 05 Mar 2012 03:37:04 +0000

The desktop is clean!
Follow these steps to solve the problem:
- Press “Win + R”
- Type “attrib -h /S /D c:\ *.*” and press “Enter”

Comment on AON32.EXE is BackDoor Ddoser by Jason

Jason — Mon, 13 Feb 2012 18:42:21 +0000

Ok so to remove it you open task manager and there should many duplicate task normally some type of browser now forget those you cannot close them as fast as it will reopen now find the process aon32.exe right click and select properties now change its preference from hidden to un hidden then close those windows leaving you with just task manager now right click aon32.exe and select OPEN FILE LOCATION now you should see the file as aon32.exe now first end the process and delete the file and you are done!

Comment on REACTIVATEIE.EXE is Adware Zugo by kimo

kimo — Sun, 12 Feb 2012 16:41:36 +0000

thanks pro (:
that is found in startnow toolbar

Comment on Removed: REGSRV.EXE, STDRT.EXE by bill

bill — Sat, 04 Feb 2012 19:16:49 +0000

THIS SOLUTION DOES NOT WORK ON WINDOWS 7 x64

Comment on SIAPORT.EXE is Trojan Kazy by NightWatcher

NightWatcher — Mon, 23 Jan 2012 11:45:09 +0000

http://greatis.com/blog/how-to-remove-malware/mvscavap-exe.htm

Comment on SIAPORT.EXE is Trojan Kazy by NightWatcher

NightWatcher — Sun, 22 Jan 2012 13:07:35 +0000

The easiest way to remove these trojans:)
http://youtu.be/sDU4_Jgydbs

Comment on SIAPORT.EXE is Trojan Kazy by Blake

Blake — Fri, 20 Jan 2012 17:17:33 +0000

just to clear things up at the beginning of my last post you only type in “%temp%” then you simply navigate in the window. “Organize” being found in the top left corner

Comment on SIAPORT.EXE is Trojan Kazy by Blake

Blake — Fri, 20 Jan 2012 17:15:54 +0000

i just got this figured out thanks for the great help guys!:D
anyone still struggling type in
-> %temp% -> “Organize” -> “Folder and Search Options” -> “View” (Middle Tab)

from there you are going to change two thing…
1). under the folder “Hidden files and folders” simply change the bubble from “Don’t show hidden files, folders, or drives” to “Show hidden files, folders, and drives”

2).under the same folder there will be about 11 boxes, some being checked some unchecked. It should be the 3rd box from the top of that list of 11. its called “Hide protected operating system files(Recommended)” Un-check that box. it will give you a warning message, just hit yes.

After doing the following click “Apply” -> then “Ok”

you should be back in the temp folder. now look for the folder titled “System”
(if you cannot locate system simply go to the navigation bar at the top of the window and re-click on temp to refresh it)

go into system and you will see siaport. Delete that bastard!

Any questions feel free to ask! Email me at dadiggin@live.com i will answer on that faster than this!

Comment on SIAPORT.EXE is Trojan Kazy by Cannot find SiaPort.exe

Cannot find SiaPort.exe — Fri, 20 Jan 2012 15:58:59 +0000

I found the system folder but I CANT FIND THE SiaPort.exe. If i organise it and pressing “Hide all folders,files” It wont show. Plz Help me………….

Comment on SIAPORT.EXE is Trojan Kazy by Hazza

Hazza — Fri, 20 Jan 2012 08:49:58 +0000

never mind, found it…

PEOPLE WHO CANT FIND THE “SYSTEM” FOLDER

When you go to the organise thing, there should be a little circle filled with blue with text next to it saying “Hide all Folders, files etc.” Click the one below it that says”Show” as well as the boxes below. Might help…

Comment on SIAPORT.EXE is Trojan Kazy by Hazza

Hazza — Fri, 20 Jan 2012 08:42:43 +0000

I tried the “Unhide Folders” thing and i still cant find the System Folder, I think the Trojan might have let in a virus… HELP!!!

Comment on SIAPORT.EXE is Trojan Kazy by Milo

Milo — Thu, 19 Jan 2012 10:54:25 +0000

For those of us who dosn’t know how to fix this: press windows button (Windows 7 here) and type in “%TEMP%\SYSTEM\” then there should be no files, click on organize (top left corner) then press Folder and search options from the drop down menu. Choose View and then you must uncheck the box that says “Hide operating system files” even though it’s recommended not to. Then delete siaport.exe (click it once and press delete) then yes and it’s outta the world

Comment on SIAPORT.EXE is Trojan Kazy by Rostov

Rostov — Sun, 15 Jan 2012 13:26:17 +0000

Can’t find the System subfolder after the Temp subfolder. I get into the Temp folder and there are hundreds of my other folders but no System folder. Siaport.exe says it’s in the System but I can see it, even with all hidden files made to appear.

Comment on SIAPORT.EXE is Trojan Kazy by Johnny D

Johnny D — Sat, 14 Jan 2012 05:39:48 +0000

This is simple.

For Windows 7, Go to the directory of the file… AppData\Local\Temp\System
If you don’t see any files it means they’re hidden, so what you’ll need to do is
simply unhide them. Near the Top Left, click on (Organize). A drop down menu
should appear. Now go to (Folder and search options). A window will appear. At the top you’ll see 3 tabs/pages. Click on (View). Now, in the list, you want to look for (Hide protected operating system files Recommended). Now uncheck that. A warning may pop up but that’s ok. Click (Yes). Now click (Apply) then (OK).
If you did all that correctly you should see 2 files…. Delete them and you’re Done!
Now you might want to go back and make sure you Hide the system files. Just Check the box for (Hide protected operating system files Recommended) then click Apply and OK! Easy!

Comment on REGSRV64.EXE is trojan Offend by NightWatcher

NightWatcher — Thu, 12 Jan 2012 03:17:06 +0000

Please visit our support center:
http://greatis.com/support
Attach your regrunlog.txt and we will help you.

Comment on REGSRV64.EXE is trojan Offend by Ket

Ket — Wed, 11 Jan 2012 15:11:43 +0000

I cannot remove the file. It always said this file has been used by another program even though I open only a folder to delete it. How can I delete it? Please help.

Comment on Removed: C:\WINDOWS\system32\system\dll.exe (trojan VBInject) by Mark

Mark — Tue, 10 Jan 2012 01:17:54 +0000

Before deleting suspect malware it is best to create a system restore point first in case the system crashes. I am new to removing malware and it appears it may be easier to block the IP addresses and close the ports. As you can imagine a hacker may not be very happy to find out that the RATs have been cutoff. The hacker will try everything to regain access. Once the user knows who is doing what it is a lot easier to manage the risk. I have only found 1 software package that monitors the traffic. BeeHive is good stuff, and if you want to be a wise guy you can cause the hacker to have many sleepless nights as they watch the user watch the hacker.

Maybe you software guys could creatre some fun software to better monitor the hackers activities.

Comment on Removed: pb.dll, forinout.exe, LiveSS.exe, pb.sys (FakeAV – Live Security Suite) by Reena mathew

Reena mathew — Mon, 09 Jan 2012 08:17:58 +0000

I have searched so many weblogs for a solution, at last I got the complete fix from here, KUDOS to greatis.com technical team. You guys are really rocking!!!

Thanks, please keep on posting on new spyware issues.

Comment on SIAPORT.EXE is Trojan Kazy by NightWatcher

NightWatcher — Thu, 05 Jan 2012 10:26:26 +0000

Please visit our support center:
http://greatis.com/support
Attach your regrunlog.txt and we will help you.

Comment on SIAPORT.EXE is Trojan Kazy by will

will — Wed, 04 Jan 2012 22:09:13 +0000

same problem here… how to solve it???