What is amsecure.exe? This word is a synonym for the rogue anti-spyware application called Internet Security 2013. This is the malicious application which we described in our previous article. Amsecure.exe is its core process that starts running on the attacked machine from the very first moments of system startup. All attempts by users to get rid of the Internet Security 2013 virus turn out to be in vain because they can't terminate this amsecure.exe process. Thus, if one succeeds in stopping this dangerous process on the attacked machine, he/she will surely be able to completely remove the rogue.
start
HKCU\...\Run: [Gogeecni] "C:\Users\Ferreira Family\AppData\Roaming\Mufin\aluce.exe" [208896 2013-01-02] ()
HKCU\...\Run: [Dehyquu] "C:\Users\Ferreira Family\AppData\Roaming\Yrvihu\yccif.exe" [208896 2013-02-08] ()
HKCU\...\Run: [Internet Security] C:\ProgramData\amsecure.exe [830976 2013-05-07] (Apple Computer, Inc.)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\FERREI~1\AppData\Local\Temp\sibwxwx\sqonbam\wow64.dll ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [] [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soxyme.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acaxku.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soxyme.exe ()
URLSearchHook: (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No File
URLSearchHook: (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - No File
2013-05-07 17:31 - 2013-05-07 17:31 - 00000645 ____A C:\Users\Public\Desktop\Internet Security 2013.lnk
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2451089773-2969554723-1024505751-1000\$71d7cbe246470cbaec705e091023f4e2
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$71d7cbe246470cbaec705e091023f4e2
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\ProgramData\amsecure.exe
C:\ProgramData\y86I4d8e.exe
C:\ProgramData\36m6K07.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
TDL4: custom:26000022 <===== ATTENTION!
end