PSW.ILSpy

PSW.ILSpy also known as Gen:Variant.Barys.7488 (B), MSIL:Bladabindi-A [Trj], W32/MSIL_Troj.AP.gen!Eldorado.

Malware Analysis of PSW.ILSpy – YAHOO MESENGER.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016061720160618\CONTAINER.DAT
%LOCAL APPDATA%\MICROSOFT\WINDOWS\WER\REPORTARCHIVE\KERNEL_0_0_CAB_095CD0FC\REPORT.WER
%TEMP%\YAHOO MESENGER.EXE
%TEMP%\YAHOO MESENGER.EXE.TMP
%STARTUP%-\09FE2B66FA61CF510CD157F5FAB34C41.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\09FE2B66FA61CF510CD157F5FAB34C41: “”%TEMP%\YAHOO MESENGER.EXE” ..”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\09FE2B66FA61CF510CD157F5FAB34C41: “”%TEMP%\YAHOO MESENGER.EXE” ..”

Detected by UnHackMe: YAHOO MESENGER.EXE
Default location: %TEMP%\YAHOO MESENGER.EXE
Dropper hash(md5): b9b0028040b8342f5521a66eb9eabb28

PUP.Optional.Elex

PUP.Optional.Elex also known as AdPlugin.OGN.

Malware Analysis of PUP.Optional.Elex – FEDARYQEULESERVERSRV.EXE

Created files:
%Common Appdata%\SecurityUtility\install.log
%Common Appdata%\SecurityUtility\NSISHelper.dll
%Program Files%\Fedaryqeule\FedaryqeuleServerSrv.exe
%Program Files%\Fedaryqeule\FedaryqeuleServerTsk.exe
%Program Files%\Fedaryqeule\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}

Detected by UnHackMe: FEDARYQEULESERVERSRV.EXE
Default location: %PROGRAM FILES%\FEDARYQEULE\FEDARYQEULESERVERSRV.EXE
Dropper hash(md5): 281757c174a9b4f08c50205677aec622

PUP.Optional.YesSearches

PUP.Optional.YesSearches also known as HEUR/QVM10.1.Malware.Gen.

Malware Analysis of PUP.Optional.YesSearches – SHORTCCCBOOST.EXE

Created files:
%Program Files%\SpeedSearchesbnd\CCeuter.exe
%Program Files%\SpeedSearchesbnd\FFeuter.exe
%Program Files%\SpeedSearchesbnd\ShortCccBoost.exe
%Program Files%\SpeedSearchesbnd\Uninst.exe
%Program Files%\SpeedSearchesbnd\WinSvces.exe

Autostart registry keys:
HKLM\System\CurrentControlSet\Services\BugreportW\ImagePath: “”%Program Files%\SpeedSearchesbnd\Bugreportauclt.exe” {154DFF63-3402-4815-941A-AAD63AE8B428}”
HKLM\System\CurrentControlSet\Services\BugreportW\DisplayName: “BugreportW”
HKLM\System\CurrentControlSet\Services\WinSvces\ImagePath: “”%Program Files%\WinSvces\WinSvces\WinSvces.exe” {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678}”
HKLM\System\CurrentControlSet\Services\WinSvces\DisplayName: “WinSvces”

Detected by UnHackMe: SHORTCCCBOOST.EXE
Default location: %PROGRAM FILES%\SPEEDSEARCHESBND\SHORTCCCBOOST.EXE
Dropper hash(md5): bfe54774fb30798673232714d694cf73

Multiplug-FUX

Multiplug-FUX also known as Gen:Variant.Mikey.11576, Trojan.Exception.gen.101.

Malware Analysis of Multiplug-FUX – CDRCGL3NFYAVFU.EXE

Created files:
%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dat
%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll
%Program Files%\bestadblocker\cDRcGl3nfyaVfu.exe
%Program Files%\bestadblocker\cDRcGl3nfyaVfu.tlb
%Program Files%\PriceMinus\hKhiUjgidwnN3x.dat

Autostart registry keys:
HKLM\Software\Classes\CLSID\{B05F2877-D6B2-46E5-80AF-75A657AE0663}\InprocServer32\: “%Program Files%\PriceMinus\hKhiUjgidwnN3x.dll”
HKLM\Software\Classes\CLSID\{EC53FB14-0DF2-41D8-9710-6F7B9BA3F40B}\InprocServer32\: “%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: “PriceMinus”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: “”%Program Files%\PriceMinus\hKhiUjgidwnN3x.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\RELAYD~1\RELAYD~1.DLL”,_uninstall /un”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\DisplayName: “LibraryFunc”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “bestadblocker”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Program Files%\bestadblocker\cDRcGl3nfyaVfu.exe” /s /n…

Multiplug-FYP

Multiplug-FYP also known as Gen:Variant.Application.Graftor.184894, HW32.Packed.9D00, Gen:Variant.Application.Graftor.184894.

Malware Analysis of Multiplug-FYP – RELAYDOUBLE.DLL

Created files:
%Program Files%\PRiceMinuus\PRiceMinuus.dat
%Program Files%\PRiceMinuus\PRiceMinuus.exe
%Program Files%\RelayDouble\RelayDouble.dll
%Program Files%\Turntable fm Extended\Turntable fm Extended.dat
%Program Files%\Turntable fm Extended\Turntable fm Extended.exe

Autostart registry keys:
HKLM\Software\Classes\CLSID\{B05F2877-D6B2-46E5-80AF-75A657AE0663}\InprocServer32\: “%Program Files%\PriceMinus\hKhiUjgidwnN3x.dll”
HKLM\Software\Classes\CLSID\{EC53FB14-0DF2-41D8-9710-6F7B9BA3F40B}\InprocServer32\: “%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: “PriceMinus”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: “”%Program Files%\PriceMinus\hKhiUjgidwnN3x.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\RELAYD~1\RELAYD~1.DLL”,_uninstall /un”…

PUP.Optional.Bershnet

PUP.Optional.Bershnet also known as Trojan.Win32.DownLoader12.dowcfo, W32/Dlhelper.A.gen!Eldorado, PE:Malware.Agent!6.1CD7.

Malware Analysis of PUP.Optional.Bershnet – 270315062329224.EXE

Created files:
%Temp%\2B33F78E-9917-4F9A-BFD5-CA44AF71EAD6.exe
%Temp%\42345D30-A587-44A2-AF3F-A6B0ED692B5E.exe
%Temp%\Downloader\270315062329224.exe
%Temp%\mailruupdater_tmp.exe
%Temp%\ZaxarSetup.4.001.33.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZaxarLoader: “”%Program Files%\Zaxar\ZaxarLoader.exe” /verysilent”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Timestasks: “”C:\ProgramData\TimeTasks\TimeTasksSetup.exe” /adv= /S”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartSearch\DisplayName: “SmartSearch”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartSearch\UninstallString: “”%Appdata%\SmartSearch\SmartSearch.exe” /uninstall”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser\DisplayName: “Zaxar Games Browser”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser\UninstallString: “”%Program Files%\Zaxar\uninstall.exe””

Detected by UnHackMe: 270315062329224.EXE
Default location: %TEMP%\DOWNLOADER\270315062329224.EXE
Dropper hash(md5): e1428c75d6237982858544cafe1674a2

FraudTool.YAC

FraudTool.YAC also known as TR/Elex.2336080.8, Riskware/Elex, Artemis!BC024F533F63.

Malware Analysis of FraudTool.YAC – ISAFEDOWNLOADER.EXE

Created files:
%Appdata%\eCyber\log\isafedownloader.log
%Temp%\nsl2.tmp\BasicDlg.dll
%Temp%\nsl2.tmp\System.dll
%Temp%\~3\data
%Temp%\~3\iSafeDownloader.exe

Detected by UnHackMe: ISAFEDOWNLOADER.EXE
Default location: %TEMP%\~3\ISAFEDOWNLOADER.EXE
Dropper hash(md5): 5c3423fc24bc697b5fecbbb790d972d3

HEUR/QVM41.1.Malware.Gen

HEUR/QVM41.1.Malware.Gen also known as OptimizerPro, Adware ( 004a9c571 ), Artemis!46ACA093F842.

Malware Analysis of HEUR/QVM41.1.Malware.Gen – OPPROSETUP.EXE

Created files:
%Temp%\BB0a5a991d7\temp\EzDownloader_setup.exe
%Temp%\BB0a5a991d7\temp\hpds_setup.exe
%Temp%\BB0a5a991d7\temp\OpProSetup.exe
%Temp%\BB0a5a991d7\temp\putfu.exe
%Temp%\BB0a5a991d7\temp\setupbc.exe

Autostart registry keys:
HKLM\Software\Classes\CLSID\{6960dfdc-e345-4b2d-967e-f15d16374e72}\InprocServer32\: “%Program Files%\YoutubeAdBlocke\Ni7A8JtTUau6US.dll”
HKLM\Software\Classes\CLSID\{9861045a-10e8-4fea-9f2c-452d5ea98a47}\InprocServer32\: “%Program Files%\GoSave\mW9YTjlxUc3WVT.dll”
HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: “%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll”
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\DisplayName: “WebSearch”
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\DisplayName: “Local Group Policy”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: “LiveSupport”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: “”%Program Files%\LiveSupport\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: “Optimizer Pro v3.2”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString:…

AdWare.Generic.vvg

AdWare.Generic.vvg also known as a variant of Win32/Adware.MultiPlug.NX, malicious_confidence_100% (D), not-a-virus:HEUR:AdWare.Win32.Generic.

Malware Analysis of AdWare.Generic.vvg – 075268762163D0289E874E2BEC076C22.EXE

Created files:
%WINDIR%\TASKS\EASYSTORAGE.JOB
%COMMON APPDATA%\{1E675AD6-C4FB-3C5C-1E67-75AD6C4F6B5B}\075268762163D0289E874E2BEC076C22.DAT
%COMMON APPDATA%\{1E675AD6-C4FB-3C5C-1E67-75AD6C4F6B5B}\075268762163D0289E874E2BEC076C22.EXE
%COMMON APPDATA%\{1E675AD6-C4FB-3C5C-1E67-75AD6C4F6B5B}\72F8E35614D81DFA
%COMMON APPDATA%\{1E675AD6-C4FB-3C5C-1E67-75AD6C4F6B5B}\BF054503330CFA2E

Detected by UnHackMe: 075268762163D0289E874E2BEC076C22.EXE
Default location: %COMMON APPDATA%\{1E675AD6-C4FB-3C5C-1E67-75AD6C4F6B5B}\075268762163D0289E874E2BEC076C22.EXE
Dropper hash(md5): 075268762163d0289e874e2bec076c22

Artemis!874FBB12CAAC

Artemis!874FBB12CAAC also known as not-a-virus:HEUR:AdWare.Win32.OutBrowse.heur, Win32/Virus.Adware.ec4, Riskware ( 0040eff71 ).

Malware Analysis of Artemis!874FBB12CAAC – BEFACGHGBC_P.EXE

Created files:
%TEMP%\BEFACGHGBC_P.EXE
%TEMP%\WER974B.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERBC7D.TMP.APPCOMPAT.TXT
%TEMP%\WERBFBA.TMP.MDMP
%WINDIR%\TEMP\TMP00000001CADB6B3EBBEF516B

Detected by UnHackMe: BEFACGHGBC_P.EXE
Default location: %TEMP%\BEFACGHGBC_P.EXE
Dropper hash(md5): f3e6c1ffda6e8c39b4287b405eb847c9

TrojanDownloader.Kuluoz.aae

TrojanDownloader.Kuluoz.aae also known as Trojan ( 004f14ea1 ), Trj/Genetic.gen, Trojan.Win32.Generic!BT.

Malware Analysis of TrojanDownloader.Kuluoz.aae – IVOVMXCV.EXE

Created files:
%PROFILE%\IVOVMXCV.EXE
%SYSDIR%\IVOVMXCV.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IVOVMXCV: “%SYSDIR%\IVOVMXCV.EXE”

Detected by UnHackMe: IVOVMXCV.EXE
Default location: %PROFILE%\IVOVMXCV.EXE
Dropper hash(md5): fa4f22af5a95e90d7a9c8de178b873f6

HW32.Packed.6804

HW32.Packed.6804 also known as Application.Win32.MultiPlug.HD, AdLoad, Gen:Variant.Razy.17818.

Malware Analysis of HW32.Packed.6804 – FA002F981C7446B420502E843A989FB7.EXE

Created files:
%COMMON APPDATA%\{13D83075-96BE-9726-13D8-8307596BC1D6}\C80E9A893098DF74
%COMMON APPDATA%\{13D83075-96BE-9726-13D8-8307596BC1D6}\FA002F981C7446B420502E843A989FB7.DAT
%COMMON APPDATA%\{13D83075-96BE-9726-13D8-8307596BC1D6}\FA002F981C7446B420502E843A989FB7.EXE
%SYSDIR%\TASKS\TEENFIX
%WINDIR%\TASKS\TEENFIX.JOB

Detected by UnHackMe: FA002F981C7446B420502E843A989FB7.EXE
Default location: %COMMON APPDATA%\{13D83075-96BE-9726-13D8-8307596BC1D6}\FA002F981C7446B420502E843A989FB7.EXE
Dropper hash(md5): fa002f981c7446b420502e843a989fb7

Riskware.Win32.MultiPlug.dwqmvs

Riskware.Win32.MultiPlug.dwqmvs also known as Gen:Variant.Razy.6245, SScope.Adware.Multiplug, Gen:Variant.Razy.6245.

Malware Analysis of Riskware.Win32.MultiPlug.dwqmvs – F5FA4436E0915014FA64B2440469D3ED.EXE

Created files:
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\99FB2754B56FE161
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.DAT
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
%SYSDIR%\TASKS\PREMIUMSCANNER
%WINDIR%\TASKS\PREMIUMSCANNER.JOB

Detected by UnHackMe: F5FA4436E0915014FA64B2440469D3ED.EXE
Default location: %COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
Dropper hash(md5): f5fa4436e0915014fa64b2440469d3ed

PSW.Banker6.ASZN

PSW.Banker6.ASZN also known as Trj/Genetic.gen, Downloader-FKA!040CEA3A49ED.

Malware Analysis of PSW.Banker6.ASZN – PLUGUINFACEBOOK8.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\B124E09A-D7E2-41A0-914A-E1C8D82A0519

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MICROSOFT UPDATE 2.5: “”%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE””

Detected by UnHackMe: PLUGUINFACEBOOK8.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
Dropper hash(md5): 040cea3a49ed128b0d27a2ce7796452e

AdWare.OutBrowse.goa

AdWare.OutBrowse.goa also known as Win32.Adware.DownloadAdmin.I, Adware ( 004ce05d1 ), Adware.OutBrowse.Win32.84710.

Malware Analysis of AdWare.OutBrowse.goa – BEFBBEFHDG.EXE

Created files:
%TEMP%\BEFBBEFHDG.EXE
%TEMP%\ICACHE-04044202.TMP
%TEMP%\ILIST-00000000.TMP
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\25C93CE1-4E11-43E8-BDBB-2E2BD78F0FB0

Detected by UnHackMe: BEFBBEFHDG.EXE
Default location: %TEMP%\BEFBBEFHDG.EXE
Dropper hash(md5): 024da8a60ed9c585cc7778eaad031e3e

Trojan.Win32.Siggen5.cymexh

Trojan.Win32.Siggen5.cymexh also known as TR/Dldr.Banload.aci.1370, TROJ_SPNR.28CP13, W32/Trojan.MQMR-6614.

Malware Analysis of Trojan.Win32.Siggen5.cymexh – PLUGUINFACEBOOK8.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\B124E09A-D7E2-41A0-914A-E1C8D82A0519

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MICROSOFT UPDATE 2.5: “”%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE””

Detected by UnHackMe: PLUGUINFACEBOOK8.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
Dropper hash(md5): 040cea3a49ed128b0d27a2ce7796452e

PSW.Banker6.ASYK

PSW.Banker6.ASYK also known as Trojan.Generic.KDZ.11272, Trj/Genetic.gen, Troj/Banker-FTI.

Malware Analysis of PSW.Banker6.ASYK – PLUGUINFACEBOOK7.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK7.EXE

Detected by UnHackMe: PLUGUINFACEBOOK7.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK7.EXE
Dropper hash(md5): f5921558a2c6684cec03e60ab04da9e1

TrojanDownloader.Agent.eytl

TrojanDownloader.Agent.eytl also known as TR/Crypt.ZPACK.Gen8, Adware.MultiPlugGen.Win32.26, Crypt4.BGVH.

Malware Analysis of TrojanDownloader.Agent.eytl – F5FA4436E0915014FA64B2440469D3ED.EXE

Created files:
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\99FB2754B56FE161
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.DAT
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
%SYSDIR%\TASKS\PREMIUMSCANNER
%WINDIR%\TASKS\PREMIUMSCANNER.JOB

Detected by UnHackMe: F5FA4436E0915014FA64B2440469D3ED.EXE
Default location: %COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
Dropper hash(md5): f5fa4436e0915014fa64b2440469d3ed

Trojan.Generic.D323F84

Trojan.Generic.D323F84 also known as Trojan.Proxy2.337, Trojan.Win32.Generic!BT, W32/Kuluoz.EZGW!tr.dldr.

Malware Analysis of Trojan.Generic.D323F84 – IVOVMXCV.EXE

Created files:
%PROFILE%\IVOVMXCV.EXE
%SYSDIR%\IVOVMXCV.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IVOVMXCV: “%SYSDIR%\IVOVMXCV.EXE”

Detected by UnHackMe: IVOVMXCV.EXE
Default location: %PROFILE%\IVOVMXCV.EXE
Dropper hash(md5): fa4f22af5a95e90d7a9c8de178b873f6

TrojanDownloader:Win32/Banload.ACI

TrojanDownloader:Win32/Banload.ACI also known as Gen:Variant.Zusy.185563, Gen:Variant.Zusy.185563, Suspicious.Cloud.9.

Malware Analysis of TrojanDownloader:Win32/Banload.ACI – PLUGUINFACEBOOK8.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\B124E09A-D7E2-41A0-914A-E1C8D82A0519

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MICROSOFT UPDATE 2.5: “”%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE””

Detected by UnHackMe: PLUGUINFACEBOOK8.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
Dropper hash(md5): 040cea3a49ed128b0d27a2ce7796452e

a variant of Win32/Spy.Banker.ZGK

a variant of Win32/Spy.Banker.ZGK also known as Trojan.Win32.Generic!BT, Trojan.Generic.KDZ.11272, Trojan.Generic.KDZ.11272.

Malware Analysis of a variant of Win32/Spy.Banker.ZGK – PLUGUINFACEBOOK7.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK7.EXE

Detected by UnHackMe: PLUGUINFACEBOOK7.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK7.EXE
Dropper hash(md5): f5921558a2c6684cec03e60ab04da9e1

Generic6.AEVJ

Generic6.AEVJ also known as a variant of Win32/Adware.MultiPlug.IO, Trojan.Win32.Qudamah.Gen.4, Gen:Variant.Adware.Mplug.36.

Malware Analysis of Generic6.AEVJ – F70144B5C8450BFA2D69467AB1A355BB.EXE

Created files:
%COMMON APPDATA%\{6A8B2848-9F21-276A-6A8B-B28489F2A122}\F70144B5C8450BFA2D69467AB1A355BB.DAT
%COMMON APPDATA%\{6A8B2848-9F21-276A-6A8B-B28489F2A122}\F70144B5C8450BFA2D69467AB1A355BB.EXE
%STARTUP%\F70144B5C8450BFA2D69467AB1A355BB.LNK

Detected by UnHackMe: F70144B5C8450BFA2D69467AB1A355BB.EXE
Default location: %COMMON APPDATA%\{6A8B2848-9F21-276A-6A8B-B28489F2A122}\F70144B5C8450BFA2D69467AB1A355BB.EXE
Dropper hash(md5): f70144b5c8450bfa2d69467ab1a355bb

Downloader.Kuluoz!8.83A-Cfu2huSw2xU (Cloud)

Downloader.Kuluoz!8.83A-Cfu2huSw2xU (Cloud) also known as Mal/Generic-S, Trojan.GenericKD.3293060, Trojan.GenericKD.3293060.

Malware Analysis of Downloader.Kuluoz!8.83A-Cfu2huSw2xU (Cloud) – IVOVMXCV.EXE

Created files:
%PROFILE%\IVOVMXCV.EXE
%SYSDIR%\IVOVMXCV.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\IVOVMXCV: “%SYSDIR%\IVOVMXCV.EXE”

Detected by UnHackMe: IVOVMXCV.EXE
Default location: %PROFILE%\IVOVMXCV.EXE
Dropper hash(md5): fa4f22af5a95e90d7a9c8de178b873f6

Trojan.Siggen5.10340

Trojan.Siggen5.10340 also known as Gen:Variant.Zusy.185563, Trojan.Win32.Siggen5.cymexh, Downloader-FKA!040CEA3A49ED.

Malware Analysis of Trojan.Siggen5.10340 – PLUGUINFACEBOOK8.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\B124E09A-D7E2-41A0-914A-E1C8D82A0519

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MICROSOFT UPDATE 2.5: “”%COMMON APPDATA%\PLUGUINFACEBOOK8.EXE””

Detected by UnHackMe: PLUGUINFACEBOOK8.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK8.EXE
Dropper hash(md5): 040cea3a49ed128b0d27a2ce7796452e

Trojan.Generic.KDZ.11272

Trojan.Generic.KDZ.11272 also known as PSW.Banker6.ASYK, Artemis!F5921558A2C6, Troj/Banker-FTI.

Malware Analysis of Trojan.Generic.KDZ.11272 – PLUGUINFACEBOOK7.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK7.EXE

Detected by UnHackMe: PLUGUINFACEBOOK7.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK7.EXE
Dropper hash(md5): f5921558a2c6684cec03e60ab04da9e1

Dialer.Adialer.C4

Dialer.Adialer.C4 also known as Malware.Generic!PdCKCG7YlLH@5 (Thunder), Unwanted-Program ( 004ae5ba1 ), Dialer-RAS.v.gen.

Malware Analysis of Dialer.Adialer.C4 – 05766E03846718D1F6C6DBCF88E39FC3.EXE

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\6AD18715-3EAA-4406-8DF1-76C378B74A5D
%WINDIR%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE

Detected by UnHackMe: 05766E03846718D1F6C6DBCF88E39FC3.EXE
Default location: %WinDir%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE
Dropper hash(md5): 05766e03846718d1f6c6dbcf88e39fc3

Crypt4.BGVH

Crypt4.BGVH also known as Generic Suspicious, SScope.Adware.Multiplug, Gen:Variant.Razy.6245.

Malware Analysis of Crypt4.BGVH – F5FA4436E0915014FA64B2440469D3ED.EXE

Created files:
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\99FB2754B56FE161
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.DAT
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
%SYSDIR%\TASKS\PREMIUMSCANNER
%WINDIR%\TASKS\PREMIUMSCANNER.JOB

Detected by UnHackMe: F5FA4436E0915014FA64B2440469D3ED.EXE
Default location: %COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
Dropper hash(md5): f5fa4436e0915014fa64b2440469d3ed

TrojanDownloader:Win32/Banload.ACI

TrojanDownloader:Win32/Banload.ACI also known as Trojan.Win32.Generic!BT, a variant of Win32/Spy.Banker.ZGK, Trojan.Generic.KDZ.11272.

Malware Analysis of TrojanDownloader:Win32/Banload.ACI – PLUGUINFACEBOOK7.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK7.EXE

Detected by UnHackMe: PLUGUINFACEBOOK7.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK7.EXE
Dropper hash(md5): f5921558a2c6684cec03e60ab04da9e1

Malware.Generic!VDu4tyFxJ4@5 (Thunder)

Malware.Generic!VDu4tyFxJ4@5 (Thunder) also known as Win32.Adware.Generic.bb, W32/Generic.AC.1AC122!tr, Generic Suspicious.

Malware Analysis of Malware.Generic!VDu4tyFxJ4@5 (Thunder) – F5FA4436E0915014FA64B2440469D3ED.EXE

Created files:
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\99FB2754B56FE161
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.DAT
%COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
%SYSDIR%\TASKS\PREMIUMSCANNER
%WINDIR%\TASKS\PREMIUMSCANNER.JOB

Detected by UnHackMe: F5FA4436E0915014FA64B2440469D3ED.EXE
Default location: %COMMON APPDATA%\{A55677FD-C5B6-9EDA-A556-677FDC5BDFF7}\F5FA4436E0915014FA64B2440469D3ED.EXE
Dropper hash(md5): f5fa4436e0915014fa64b2440469d3ed

Adware.OutBrowseCRTD.Win32.449

Adware.OutBrowseCRTD.Win32.449 also known as Riskware ( 0040eff71 ), PUA.OutBrowse!, Riskware ( 0040eff71 ).

Malware Analysis of Adware.OutBrowseCRTD.Win32.449 – BEFACGHGBC_P.EXE

Created files:
%TEMP%\BEFACGHGBC_P.EXE
%TEMP%\WER974B.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERBC7D.TMP.APPCOMPAT.TXT
%TEMP%\WERBFBA.TMP.MDMP
%WINDIR%\TEMP\TMP00000001CADB6B3EBBEF516B

Detected by UnHackMe: BEFACGHGBC_P.EXE
Default location: %TEMP%\BEFACGHGBC_P.EXE
Dropper hash(md5): f3e6c1ffda6e8c39b4287b405eb847c9

TR/Dldr.Banload.aci.1366

TR/Dldr.Banload.aci.1366 also known as Trojan.Generic.KDZ.11272, Trojan-PWS.Banker6, TROJ_GEN.R47CDCL.

Malware Analysis of TR/Dldr.Banload.aci.1366 – PLUGUINFACEBOOK7.EXE

Created files:
%COMMON APPDATA%\PLUGUINFACEBOOK7.EXE

Detected by UnHackMe: PLUGUINFACEBOOK7.EXE
Default location: %COMMON APPDATA%\PLUGUINFACEBOOK7.EXE
Dropper hash(md5): f5921558a2c6684cec03e60ab04da9e1

Trojan/Dialer.Agent.ao

Trojan/Dialer.Agent.ao also known as Porn-Dialer.Win32.CapreDeam!O, a variant of Win32/Dialer.CDDial, Generic.Dial.Carpediem.9A73EC57.

Malware Analysis of Trojan/Dialer.Agent.ao – 05766E03846718D1F6C6DBCF88E39FC3.EXE

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\6AD18715-3EAA-4406-8DF1-76C378B74A5D
%WINDIR%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE

Detected by UnHackMe: 05766E03846718D1F6C6DBCF88E39FC3.EXE
Default location: %WinDir%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE
Dropper hash(md5): 05766e03846718d1f6c6dbcf88e39fc3

Generic6.GHO

Generic6.GHO also known as W32/S-05ee4373!Eldorado, Unwanted-Program ( 0040f9d31 ), not-a-virus:AdWare.Win32.MultiPlug.bwof.

Malware Analysis of Generic6.GHO – F517D518FD660DAAD0B94A001642CDBF.EXE

Created files:
%TEMP%\8BE9908462C\IMAGES\LOADER.GIF
%TEMP%\8BE9908462C\IMAGES\PROGRESSBAR.GIF
%TEMP%\8BE9908462C\TEMP\BG.CA
%TEMP%\8BE9908462C\TEMP\F517D518FD660DAAD0B94A001642CDBF.EXE

Detected by UnHackMe: F517D518FD660DAAD0B94A001642CDBF.EXE
Default location: %TEMP%\8BE9908462C\TEMP\F517D518FD660DAAD0B94A001642CDBF.EXE
Dropper hash(md5): f517d518fd660daad0b94a001642cdbf

Dialer.CDDial.Gen

Dialer.CDDial.Gen also known as not-a-virus:Porn-Dialer.Win32.CapreDeam, Generic.Dial.Carpediem.9A73EC57, Trojan.AdDialer.

Malware Analysis of Dialer.CDDial.Gen – 05766E03846718D1F6C6DBCF88E39FC3.EXE

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\6AD18715-3EAA-4406-8DF1-76C378B74A5D
%WINDIR%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE

Detected by UnHackMe: 05766E03846718D1F6C6DBCF88E39FC3.EXE
Default location: %WinDir%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE
Dropper hash(md5): 05766e03846718d1f6c6dbcf88e39fc3

Win32.Trojan-Dropper.Addrop.c

Win32.Trojan-Dropper.Addrop.c also known as Application.Bundler.Outbrowse.CV, a variant of Win32/TrojanDropper.Addrop.T.

Malware Analysis of Win32.Trojan-Dropper.Addrop.c – BEFACGHGBC_P.EXE

Created files:
%TEMP%\BEFACGHGBC_P.EXE
%TEMP%\WER974B.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERBC7D.TMP.APPCOMPAT.TXT
%TEMP%\WERBFBA.TMP.MDMP
%WINDIR%\TEMP\TMP00000001CADB6B3EBBEF516B

Detected by UnHackMe: BEFACGHGBC_P.EXE
Default location: %TEMP%\BEFACGHGBC_P.EXE
Dropper hash(md5): f3e6c1ffda6e8c39b4287b405eb847c9

TROJ_GEN.R047C0EGU16

TROJ_GEN.R047C0EGU16 also known as GrayWare[AdWare:not-a-virus,HEUR]/Win32.OutBrowse, Win32:OutBrowse-UR [PUP], Artemis!874FBB12CAAC.

Malware Analysis of TROJ_GEN.R047C0EGU16 – BEFACGHGBC_P.EXE

Created files:
%TEMP%\BEFACGHGBC_P.EXE
%TEMP%\WER974B.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERBC7D.TMP.APPCOMPAT.TXT
%TEMP%\WERBFBA.TMP.MDMP
%WINDIR%\TEMP\TMP00000001CADB6B3EBBEF516B

Detected by UnHackMe: BEFACGHGBC_P.EXE
Default location: %TEMP%\BEFACGHGBC_P.EXE
Dropper hash(md5): f3e6c1ffda6e8c39b4287b405eb847c9

Win.Adware.Agent-1319321

Win.Adware.Agent-1319321 also known as ADWARE/MultiPlug.Gen7, MultiPlug (PUA), Unwanted-Program ( 004c93fb1 ).

Malware Analysis of Win.Adware.Agent-1319321 – 0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE

Created files:
%COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.DAT
%COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0CCCC242-E077-4D96-9733-FD8A0120E6CA
%SYSDIR%\TASKS\MILECALC
%WINDIR%\TASKS\MILECALC.JOB

Detected by UnHackMe: 0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
Default location: %COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
Dropper hash(md5): 0caa5a0bbadffdcadad1c95a73fddcff

Application.Win32.AdWare.PornDialer.~E

Application.Win32.AdWare.PornDialer.~E also known as W32/PornDialer.H.gen!Eldorado, Generic.Dial.Carpediem.9A73EC57, W32.HfsAdware.E854.

Malware Analysis of Application.Win32.AdWare.PornDialer.~E – 05766E03846718D1F6C6DBCF88E39FC3.EXE

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\6AD18715-3EAA-4406-8DF1-76C378B74A5D
%WINDIR%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE

Detected by UnHackMe: 05766E03846718D1F6C6DBCF88E39FC3.EXE
Default location: %WinDir%\TEMP\MT\05766E03846718D1F6C6DBCF88E39FC3.EXE
Dropper hash(md5): 05766e03846718d1f6c6dbcf88e39fc3
