trojan.win32.mupad.a

trojan.win32.mupad.a also known as Adware.Agent, W32/S-38b4d92a!Eldorado, Adware.Agent. Malware Analysis of trojan.win32.mupad.a – WAGVEM.EXE Created files: %TEMP%FOLDER\NORROCHULAG\SSL3.DLL %APPDATA%\XIDKEPBODKUL\NAJDOM.DIN %APPDATA%\XIDKEPBODKUL\WAGVEM.EXE Detected by UnHackMe: WAGVEM.EXE DEFAULT LOCATION: %APPDATA%\XIDKEPBODKUL\WAGVEM.EXE Dropper hash(md5): d85a345db352d1ca9dc43d0398b9f668 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

PUP.Optional.Solvusoft

PUP.Optional.Solvusoft also known as W32.HfsAdware.D686, Program.Unwanted.952. Malware Analysis of PUP.Optional.Solvusoft – DRIVERDOC.EXE Created files: %Program Files%\Solvusoft\DriverDoc\DPInst32.exe %Program Files%\Solvusoft\DriverDoc\DPInst64.exe %Program Files%\Solvusoft\DriverDoc\DriverDoc.exe %Program Files%\Solvusoft\DriverDoc\DriverHiveEngine.dll %Program Files%\Solvusoft\DriverDoc\Html\about_lightbox.html Autostart registry keys: HKLM\Software\Classes\Applications\DriverDocSetup.exe\IsHostApp: “” HKLM\Software\Classes\Applications\EULA.rtf\NoStartPage: “” HKLM\Software\Classes\Applications\LogFilesCollector.exe\NoStartPage: “” HKLM\Software\Classes\Applications\Setup_DriverDoc_2016.exe\IsHostApp: “” HKLM\Software\Classes\Applications\ShortcutLauncher.exe\NoStartPage: “” HKLM\Software\Classes\Applications\SolvusoftTray.exe\NoStartPage: “” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0570A0D4430B8FD479ED621F12A22CFF\InstallProperties\DisplayName: “DriverDoc” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CommonToolkitTray_Solvusoft: “%Program Files%\Solvusoft\Tray\SolvusoftTray.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverDoc\DisplayName: “DriverDoc” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DRIVERDOC\UNINSTALLSTRING: “”%COMMON APPDATA%\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DRIVERDOCSETUP.EXE” REMOVE=TRUE MODIFY=FALSE” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}\DisplayName: “DriverDoc” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}\UNINSTALLSTRING: “%COMMON…

Continue reading

Win32/Heim

Win32/Heim also known as Artemis!A0C36E20081B, Win32.SuspectCrc, Suspicious.Cloud.5. Malware Analysis of Win32/Heim – SESSIONSTORE.EXE Created files: %Appdata%\Adobe\Flash Player\AssetCache\sessionstore.exe %Appdata%\Adobe\Flash Player\AssetCache\sessionstore.osv %Appdata%\Adobe\Flash Player\AssetCache\Transfer.tmp %Local Appdata%\Identities\{FD9F837C-5851-47A2-A9B3-B6680CCE76B7}\Microsoft\Outlook Express\Sent Items.dbx Autostart registry keys: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sessionstore.exe: “”%Appdata%\Adobe\Flash Player\AssetCache\sessionstore.exe”” Detected by UnHackMe: SESSIONSTORE.EXE Default location: %APPDATA%\ADOBE\FLASH PLAYER\ASSETCACHE\SESSIONSTORE.EXE Dropper hash(md5): a0c36e20081babf9440298ea51a87d7b Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…

Continue reading

Mal/KeyGen-M

Mal/KeyGen-M also known as W32/Risk.OHCW-8559, PSW.Generic7.BWBC. Malware Analysis of Mal/KeyGen-M Created files: %Program Files%\Wkarj\Ueaj\Qrpio.ini %Appdata%\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\2b39c23a-e9aa-4695-bf8e-a733a6e2d532 %Temp%\g81\FinePrint.v6.10.x64.Incl.Keymaker-ZWT.exe %Temp%\g81\jTemp.dat %Temp%\g81\setup.ini Detected by UnHackMe: FINEPRINT.V6.10.X64.INCL.KEYMAKER-ZWT.EXE Default location: %TEMP%\G81\FINEPRINT.V6.10.X64.INCL.KEYMAKER-ZWT.EXE Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading

W32/SageCrypt.ASR!tr

W32/SageCrypt.ASR!tr also known as Win32.Trojan.Sagecrypt.Dygs, TR/Crypt.Xpack.ykxwa, malicious (moderate confidence). Malware Analysis of W32/SageCrypt.ASR!tr – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

OScope.Adware.GV.Cdn

OScope.Adware.GV.Cdn also known as ADSPY/Cdnup.A.1, CNav, BrowserModifier:Win32/CNNIC. Malware Analysis of OScope.Adware.GV.Cdn – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading

TROJ_GEN.R0E3C0DAD17

TROJ_GEN.R0E3C0DAD17 also known as static engine – malicious, PWS:Win32/Zakahic.A, malicious (high confidence). Malware Analysis of TROJ_GEN.R0E3C0DAD17 – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading

Trojan[Ransom]/Win32.SageCrypt

Trojan[Ransom]/Win32.SageCrypt also known as Ransom_Milicry.R023C0CCN17, generic.ml, Win32:Malware-gen. Malware Analysis of Trojan[Ransom]/Win32.SageCrypt – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Backdoor:Win32/Zegost.AD!bit

Backdoor:Win32/Zegost.AD!bit also known as Win32/Trojan.e04, Trojan.GenericKD.4564741, Trojan.Generic.D45A705. Malware Analysis of Backdoor:Win32/Zegost.AD!bit – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d Share This: UnHackMe removes malware invisible…

Continue reading

Artemis!D3F054DE4C81

Artemis!D3F054DE4C81 also known as Win32.Trojan.Falsesign.Wtdg, not-a-virus:AdWare.Win32.Wews87.rg, Win32.Application.Agent.LED4GR. Malware Analysis of Artemis!D3F054DE4C81 – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys” HKLM\System\CurrentControlSet\services\sysmon\DisplayName: “sysmon” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: “%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE” HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPTAssist\DisplayName:…

Continue reading

Atros5.RXZ

Atros5.RXZ also known as Ransom.Milicry, Trojan[Ransom]/Win32.SageCrypt, Trojan ( 004f76a01 ). Malware Analysis of Atros5.RXZ – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading

MSIL.Trojan.Injector.JO

MSIL.Trojan.Injector.JO also known as generic.ml, Trj/GdSda.A, Trojan ( 004be5b21 ). Malware Analysis of MSIL.Trojan.Injector.JO – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Gen:Variant.Symmi.14354

Gen:Variant.Symmi.14354 also known as Gen:Variant.Symmi.14354 (B), Artemis!4A8EF5BB1F0E, Trojan ( 0040ed1c1 ). Malware Analysis of Gen:Variant.Symmi.14354 – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

Adware ( 005017e31 )

Adware ( 005017e31 ) also known as PUP/Win32.Linkury.R196393, RDN/Generic PUP.x, RiskWare[WebToolbar]/Win32.Linkury. Malware Analysis of Adware ( 005017e31 ) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 Share This: UnHackMe…

Continue reading

BehavesLike.Win32.PWSGamania.cc

BehavesLike.Win32.PWSGamania.cc also known as Trojan.Gen, W32/Onlinegames.QTX!tr.pws. Malware Analysis of BehavesLike.Win32.PWSGamania.cc – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Continue reading

Trojan.GenericKD.4564741 (B)

Trojan.GenericKD.4564741 (B) also known as W32/Trojan.ZEAW-3919, Trojan.GenericKD.4564741, Mal/Generic-S. Malware Analysis of Trojan.GenericKD.4564741 (B) – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d Share This: UnHackMe removes…

Continue reading

Win32.Trojan.WisdomEyes.16070401.9500.9984

Win32.Trojan.WisdomEyes.16070401.9500.9984 also known as static engine – malicious, MSIL/Injecto.58E1!tr, Generic.awn. Malware Analysis of Win32.Trojan.WisdomEyes.16070401.9500.9984 – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Trojan.Generic.D461E6D

Trojan.Generic.D461E6D also known as Trojan-Ransom.Win32.SageCrypt.asr, Ransom.SageLocker, Win32:Malware-gen. Malware Analysis of Trojan.Generic.D461E6D – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Malware.Heuristic!ET#93% (rdm+)

Malware.Heuristic!ET#93% (rdm+) also known as static engine – malicious, malicious_confidence_87% (D), Win32.Trojan.WisdomEyes.16070401.9500.9999. Malware Analysis of Malware.Heuristic!ET#93% (rdm+) – TMD625.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: TMD625.DLL Default location: %SYSDIR%\TMD625.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Continue reading

Backdoor ( 04c4de411 )

Backdoor ( 04c4de411 ) also known as Adware.Cdnup.A, ADSPY/Cdnup.A.1, PE:Trojan.Win32.Generic.148B9C89!344693897. Malware Analysis of Backdoor ( 04c4de411 ) – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Continue reading

W32/Zuten.C.gen!Eldorado

W32/Zuten.C.gen!Eldorado also known as Trojan.Gen, Trojan ( 0040ed1c1 ), Gen:Variant.Symmi.14354. Malware Analysis of W32/Zuten.C.gen!Eldorado – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

W32/Trojan.ZEAW-3919

W32/Trojan.ZEAW-3919 also known as Trojan.GenericKD.4564741, Trojan.Win32.Generic!BT, Win32.Trojan.WisdomEyes.16070401.9500.9991. Malware Analysis of W32/Trojan.ZEAW-3919 – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d Share This: UnHackMe removes malware invisible…

Continue reading

Generic PUA OC (PUA)

Generic PUA OC (PUA) also known as TROJ_GEN.R01BC0ECB17, PUP/Win32.Linkury.R196393, Application.AdLink (A). Malware Analysis of Generic PUA OC (PUA) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 Share This: UnHackMe…

Continue reading

SHeur.AM

SHeur.AM also known as OScope.Adware.GV.Cdn, Adware.Cdnup.A, TrojWare.Win32.Pakes.lmb. Malware Analysis of SHeur.AM – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading

Trojan.GenericKD.4595309

Trojan.GenericKD.4595309 also known as Win32:Malware-gen, Trojan.Win32.SageCrypt.emkgle, Ransom_Milicry.R023C0CCN17. Malware Analysis of Trojan.GenericKD.4595309 – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

pws.win32.zakahic.a

pws.win32.zakahic.a also known as TROJ_GEN.R0E3C0DAD17, Gen:Variant.Symmi.14354, Gen:Variant.Symmi.14354. Malware Analysis of pws.win32.zakahic.a – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

Ransom.Cry

Ransom.Cry also known as Trojan.SageCrypt!, Mal/Generic-S, W32/SageCrypt.ASR!tr. Malware Analysis of Ransom.Cry – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Win32.Trojan-PSW.OLGames.bp

Win32.Trojan-PSW.OLGames.bp also known as W32/Onlinegames.QTX!tr.pws, Win32:OnLineGames-GNB [Trj]. Malware Analysis of Win32.Trojan-PSW.OLGames.bp – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

Artemis!4A8EF5BB1F0E

Artemis!4A8EF5BB1F0E also known as Win32/Trojan.GameThief.baa, W32/Zuten.C.gen!Eldorado, HEUR:Trojan.Win32.Generic. Malware Analysis of Artemis!4A8EF5BB1F0E – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

Dropper.AgentCRTD.Win32.7861

Dropper.AgentCRTD.Win32.7861 also known as Artemis!D3F054DE4C81, malicious (high confidence), a variant of Win32/Wews87.A potentially unwanted. Malware Analysis of Dropper.AgentCRTD.Win32.7861 – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath:…

Continue reading

Trojan.GenericKD.4595309 (B)

Trojan.GenericKD.4595309 (B) also known as Trojan.Win32.Generic!BT, Trojan.Encoder.10433, Win32/Trojan.Ransom.b1f. Malware Analysis of Trojan.GenericKD.4595309 (B) – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

a variant of Win32/RiskWare.LTLogger.A

a variant of Win32/RiskWare.LTLogger.A also known as malicious (high confidence), Generic PUA LE (PUA). Malware Analysis of a variant of Win32/RiskWare.LTLogger.A – 9377MYCS_Y_MGAZ2_01.EXE Created files: %TEMP%\INS1256858.EXE.LOG %TEMP%\NSSD2D1.TMP\1.RAR %TEMP%\NSSD2D1.TMP\9377MYCS_Y_MGAZ2_01.EXE %TEMP%\NSSD2D1.TMP\BASE64.DLL %TEMP%\NSSD2D1.TMP\F1023_S_30974.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName:…

Continue reading

Backdoor.Ramnit.Win32.3256

Backdoor.Ramnit.Win32.3256 also known as Win.Trojan.Ramnit-6040. Malware Analysis of Backdoor.Ramnit.Win32.3256 – BARCONTROL.DLL Created files: %TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSAPI.DLL %TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSSETUP.EXE %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER.EXE %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER98.EXE Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: BARCONTROL.DLL DEFAULT LOCATION: %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL Dropper hash(md5): 115953246b798695c685478ca4497e9a Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

Trojan.Win32.OnLineGames.ejurye

Trojan.Win32.OnLineGames.ejurye also known as Trojan.Generic.afrpn, Gen:Variant.Symmi.14354, PSW.OnlineGames4.BOKM. Malware Analysis of Trojan.Win32.OnLineGames.ejurye – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera