Spytech SpyAOL
Monday, 21 May 2012 06:17
Spytech SpyAOL is a program from Spytech Software. You can find more information about it on their website. If you are trying to uninstall this program manually, the information in the ThreatExpert report can be helpful (see report).
- The installer of this program is about 1.12 MB in size. It is detected by antivirus programs.
It creates Setup.exe, NoStealth.exe, SpyAOL.exe, SystemSA32.dll and other files on the infected computer, which you need to search for and delete. You should end the running processes named Setup.exe, NoStealth.exe and SpyAOL.exe from Task Manager, and also remove these files' entries from Windows startup.
lsass.exe
Last Updated on Saturday, 19 May 2012 14:20 Saturday, 19 May 2012 14:00
lsass.exe is a legitimate Windows system file and process. If you search your hard disk for lsass.exe, you may find it in the C:\Windows\system32, C:\Windows\system32\dllcache and C:\Windows\SoftwareDistribution\download\.. folders. If you hover the mouse pointer over the filename, you will see a small tooltip that says:
In Folder: C:\Windows\System32
Description: LSA shell (Export Version)
Company: Microsoft Corporation
File Version: x.x.xxxx.xxxx
Date Created: x/x/xxxx x:xx AM/PM
Size: xxx KB
You will also see a process named lsass.exe running in Task Manager. Virus makers reuse this file name, usually saving their file in a location other than the default one, so that the user does not get suspicious on seeing a process of this name running in Task Manager. Task Manager alone does not show where the file is, so you will need a tool such as Windows Defender or Sysinternals Process Explorer to find out the actual path of a process listed there.
Below are analysis reports of some of the viruses that use lsass.exe in different locations.
1) Creates %Temp%\lsass.exe see report
2) Creates %AppData%\lsass.exe see report
3) Creates C:\Win\lsass.exe see report
4) Creates %AppData%\Microsoft\lsass.exe see report
5) Creates %AppData%\lsass.exe see report
6) Creates %AppData%\SystemProc\lsass.exe see report
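The path check described above can also be done from PowerShell instead of a GUI tool. This is an added example, not part of the original article; the expected path is built from the System32 location the article gives, and the signature column is an extra check the article does not mention.

```powershell
# Added example: list every running process named lsass.exe and compare its
# image path with the System32 location of the genuine file.
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'lsass.exe'" |
    ForEach-Object {
        $path      = $_.ExecutablePath
        $company   = $null
        $signature = $null

        if ([string]::IsNullOrEmpty($path)) {
            # The image path of system processes is hidden from non-elevated
            # sessions; report that instead of guessing.
            $verdict = 'UNKNOWN: path not readable, re-run elevated'
        }
        else {
            # Same "Company" value the Explorer tooltip shows. It is only a
            # version-resource string and can be copied by anyone, so the
            # Authenticode status is reported next to it.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($file) { $company = $file.VersionInfo.CompanyName }
            $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status

            # Windows paths are case-insensitive, so compare with -ieq.
            if ($path -ieq $expected) {
                $verdict = 'expected location'
            }
            else {
                $verdict = 'SUSPICIOUS: lsass.exe running outside System32'
            }
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Path      = $path
            Company   = $company
            Signature = $signature
            Verdict   = $verdict
        }
    } |
    Format-Table -AutoSize -Wrap
```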
You can watch a video on how to use Windows Defender.
- How to use Windows Defender in Windows XP
- How to use Windows Defender in Windows Vista
- How to use Windows Defender in Windows 7
Or you can use Sysinternals Process Explorer. How to use Sysinternals Process Explorer
pagefile.sys
Saturday, 19 May 2012 13:26
Pagefile.sys is a legitimate hidden system file located at C:\pagefile.sys. You may find this file in each partition.
However, there are a number of viruses that use this name in different locations. You can safely delete any pagefile.sys other than the one specified above.
Below are the reports of viruses that create a file with this name.
1) Creates %Temp%\virus\pagefiles.sys.v5 see report
Reprinted with permission from Threatexpert.com