Trojan-psw.win32.fantast

Trojan-psw.win32.fantast is a fake threat that appears in pop-up messages and desktop warnings, which is associated with the fake antispyware: Security Master AV and its affiliated rogue sites.

This particular infection tends to tracks the user\'s keystrokes. Trojan-psw.win32.fantast is a Windows PE EXE file, and is approximately 40KB in size. Also important to note: Trojan-psw.win32.fantast is not packed in any way.

Once launched, Trojan-psw.win32.fantast may tend to copy itself to the Windows system and root directories under the following names:

%WinDir%winns.exe
%System%sys.exe

In order to ensure that Trojan-psw.win32.fantast is launched automatically each time Windows is restarted, the Trojan registers its executable file in the system registry, as follows:

[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
\"Shell\" = \"Explorer.exe winns.exe\"
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
\"msgserv16_\" = \"%System%sys.exe\"

Trojan-psw.win32.fantast is an infection that facilitates the delivery of advertising content to the system user and in some cases may gather information from the user\'s computer, including information related to Internet browser usage and other computer habits. All in an attempt to get the user to purchase the fake antispyware: Security Masters AV

Trojan-psw.win32.fantast may monopolize the computer system’s resources and is largely responsible for the countless pop-up advertisements the user will be bombarded with.

Trojan-psw.win32.fantast is often bundled with or embedded within freeware programs like such as clocks, messengers, alerts, weather, and so on.

To avoid any unneeded risks of damage to your computer system, it is highly recommended to make use of a reliable and legitimate anti-spyware application, to remove Trojan-psw.win32.fantast and all its components from the infected computer system.

There are a few ways Trojan-psw.win32.fantast could have entered into a system, namely:
- The user’s operating system and Web browser security setting are too flexible
- The user does not follow safe Internet and PC practices.

There are a few symptoms affiliated with the Trojan-psw.win32.fantast infection, which are usually tell-tale signs of an infection:

1. PC is working slowly
2. New desktop shortcuts are displayed on the system
3. Annoying pop-up messages (in some cases) keep appearing on the PC
4. E-mails are being sent from your email address without your consent.

Although this type of program is not always malicious, it has been known to perform suspicious activity such as monitoring the user’s internet behavior, forwarding that along (with information regarding the other programs on your

The best way to be sure whether your system has been infected with Trojan-psw.win32.fantast is to perform a full computer system scan with a legitimate anti-spyware application. Should your system then be showing signs of Trojan-psw.win32.fantast’s presence, I suggest it be removed ASAP!

Download Spyware Removal Tool to Remove* Trojan-psw.win32.fantast

Quick & tested solution for Trojan-psw.win32.fantast removal.
100% Free Scan for Windows

How to manually remove Trojan-psw.win32.fantast

Files associated with Trojan-psw.win32.fantast infection:

msmxjchn.dll
vshost.exe
nodlogin.exe
wm1dap.dll
yxcsbhlp.dll
tavo1.dll
ltsolvrz.dll
dzmydf.dll
WinSoft3.DLL
533931MM.DLL
WebPaper.exe
csrns.exe
msuqddft.dll
msejfzrl.dll
WINSvr64.exe
ctfmon.exe
sichost.exe
jsdb.dll
10417sys.dll
08223b03.dll
122b901e.dll
2ef0d734.dll
49400W.exe
49400M.exe
533931M.exe
338448L.exe
55551.dll
7F1C46C1BD7F.dll
fgjk4wvb.dll
326xxx.dll
03518usc.dll
kavo.exe
kavo1.dll
msosfmsq00.dll
amvo.exe
winsvr32.exe
4138kou.dll
3272xxx.dll
msosdrop00.dll
mfchlp64.exe
tciocp64.exe
ttFKKFKK1065.dll
msosjtio00.dll
zywmdime.dll
yuiabct.exe
wintunpce.exe
dat5.tmp
svchosts.exe
wyrsdj.dll
fjyjy.dll
iexplorer.exe
kavo0.dll
yebaep.dll
fsrgeb.dll
winlogun.exe
tdfhex.dll
jfdses.dll
sgdewg.dll
dndsaf.dll
zgxfdx.dll
wzcfsw.dll
zAPWgSjGrSpdsE4.fon
liser.dll
pcidisk.sys
RhdwE8NYdbqQ.dll
fmsjhif.dll
yuiabct.dll
iexplore.exe
msasvc.exe
ZCfgSvc.exe
Slave.exe
gina_x86.dll
helper.dll
otrewe1.dll
mkfght0.dll
rttrwq.exe
cvsdfw.exe
z9gNwvuVDpyQqHSu.fon
isadisk.sys
antit.dll
hyrteas0.dll
load[2].exe
1[1].exe
WowInitcode.dll
mf[1].exe

Trojan-psw.win32.fantast DLL's to remove:

WinSoft3.DLL
533931MM.DLL
msmxjchn.dll
wm1dap.dll
yxcsbhlp.dll
tavo1.dll
ltsolvrz.dll
dzmydf.dll
msuqddft.dll
msejfzrl.dll
jsdb.dll
10417sys.dll
08223b03.dll
122b901e.dll
2ef0d734.dll
55551.dll
7F1C46C1BD7F.dll
fgjk4wvb.dll
326xxx.dll
03518usc.dll
kavo1.dll
msosfmsq00.dll
4138kou.dll
3272xxx.dll
msosdrop00.dll
ttFKKFKK1065.dll
msosjtio00.dll
zywmdime.dll
wyrsdj.dll
fjyjy.dll
kavo0.dll
yebaep.dll
fsrgeb.dll
tdfhex.dll
jfdses.dll
sgdewg.dll
dndsaf.dll
zgxfdx.dll
wzcfsw.dll
liser.dll
RhdwE8NYdbqQ.dll
fmsjhif.dll
yuiabct.dll
gina_x86.dll
helper.dll
otrewe1.dll
mkfght0.dll
antit.dll
hyrteas0.dll
WowInitcode.dll

Trojan-psw.win32.fantast processes to kill:

SearchSettingsProtection.exe
vshost.exe
nodlogin.exe
WebPaper.exe
csrns.exe
WINSvr64.exe
ctfmon.exe
sichost.exe
49400W.exe
49400M.exe
533931M.exe
338448L.exe
kavo.exe
amvo.exe
winsvr32.exe
mfchlp64.exe
tciocp64.exe
yuiabct.exe
wintunpce.exe
svchosts.exe
iexplorer.exe
winlogun.exe
iexplore.exe
msasvc.exe
ZCfgSvc.exe
Slave.exe
rttrwq.exe
cvsdfw.exe
load[2].exe
1[1].exe
mf[1].exe

Remove Trojan-psw.win32.fantast registry entries:

HKEY_CURRENT_USERSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN ttool
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ amva
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ anhtaas
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ertyuop
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Explorer
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ kava
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN SysCom
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\ AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT\ userinit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D13CE9-1879-41bd-B8A3-EA3CB1BD01BC}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Fyj
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ HKLM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ jsg8jfgfdfhfhf
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ mfchlp64
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Subsystem Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ systeminfors
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ tciocp64
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WINSvr64
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WinSysM
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WinSysW
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ yuiabct
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\isadisk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft authenticate service
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcidisk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RA Server
RUNNING PROGRAM\Explorer.EXE
RUNNING PROGRAM\winlogon.exe
RUNNING PROGRAM\wintunpce.exe

Post comment — WE NEED YOUR OPINION!