PSW.ILSpy

PSW.ILSpy also known as Gen:Variant.Barys.7488 (B), MSIL:Bladabindi-A [Trj], W32/MSIL_Troj.AP.gen!Eldorado.
Malware Analysis of PSW.ILSpy – YAHOO MESENGER.EXE
Created files:
  %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016061720160618\CONTAINER.DAT
  %LOCAL APPDATA%\MICROSOFT\WINDOWS\WER\REPORTARCHIVE\KERNEL_0_0_CAB_095CD0FC\REPORT.WER
  %TEMP%\YAHOO MESENGER.EXE
  %TEMP%\YAHOO MESENGER.EXE.TMP
  %STARTUP%-\09FE2B66FA61CF510CD157F5FAB34C41.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\09FE2B66FA61CF510CD157F5FAB34C41: ""%TEMP%\YAHOO MESENGER.EXE" .."
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\09FE2B66FA61CF510CD157F5FAB34C41: ""%TEMP%\YAHOO MESENGER.EXE" .."
Detected by UnHackMe: YAHOO MESENGER.EXE
Default location: %TEMP%\YAHOO MESENGER.EXE
Dropper hash (md5): b9b0028040b8342f5521a66eb9eabb28

PUP.Optional.Elex

PUP.Optional.Elex also known as AdPlugin.OGN.
Malware Analysis of PUP.Optional.Elex – FEDARYQEULESERVERSRV.EXE
Created files:
  %Common Appdata%\SecurityUtility\install.log
  %Common Appdata%\SecurityUtility\NSISHelper.dll
  %Program Files%\Fedaryqeule\FedaryqeuleServerSrv.exe
  %Program Files%\Fedaryqeule\FedaryqeuleServerTsk.exe
  %Program Files%\Fedaryqeule\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Detected by UnHackMe: FEDARYQEULESERVERSRV.EXE
Default location: %PROGRAM FILES%\FEDARYQEULE\FEDARYQEULESERVERSRV.EXE
Dropper hash (md5): 281757c174a9b4f08c50205677aec622

PUP.Optional.YesSearches

PUP.Optional.YesSearches also known as HEUR/QVM10.1.Malware.Gen.
Malware Analysis of PUP.Optional.YesSearches – SHORTCCCBOOST.EXE
Created files:
  %Program Files%\SpeedSearchesbnd\CCeuter.exe
  %Program Files%\SpeedSearchesbnd\FFeuter.exe
  %Program Files%\SpeedSearchesbnd\ShortCccBoost.exe
  %Program Files%\SpeedSearchesbnd\Uninst.exe
  %Program Files%\SpeedSearchesbnd\WinSvces.exe
Autostart registry keys:
  HKLM\System\CurrentControlSet\Services\BugreportW\ImagePath: ""%Program Files%\SpeedSearchesbnd\Bugreportauclt.exe" {154DFF63-3402-4815-941A-AAD63AE8B428}"
  HKLM\System\CurrentControlSet\Services\BugreportW\DisplayName: "BugreportW"
  HKLM\System\CurrentControlSet\Services\WinSvces\ImagePath: ""%Program Files%\WinSvces\WinSvces\WinSvces.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678}"
  HKLM\System\CurrentControlSet\Services\WinSvces\DisplayName: "WinSvces"
Detected by UnHackMe: SHORTCCCBOOST.EXE
Default location: %PROGRAM FILES%\SPEEDSEARCHESBND\SHORTCCCBOOST.EXE
Dropper hash (md5): bfe54774fb30798673232714d694cf73

Multiplug-FUX

Multiplug-FUX also known as Gen:Variant.Mikey.11576, Trojan.Exception.gen.101.
Malware Analysis of Multiplug-FUX – CDRCGL3NFYAVFU.EXE
Created files:
  %Program Files%\bestadblocker\cDRcGl3nfyaVfu.dat
  %Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll
  %Program Files%\bestadblocker\cDRcGl3nfyaVfu.exe
  %Program Files%\bestadblocker\cDRcGl3nfyaVfu.tlb
  %Program Files%\PriceMinus\hKhiUjgidwnN3x.dat
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{B05F2877-D6B2-46E5-80AF-75A657AE0663}\InprocServer32\: "%Program Files%\PriceMinus\hKhiUjgidwnN3x.dll"
  HKLM\Software\Classes\CLSID\{EC53FB14-0DF2-41D8-9710-6F7B9BA3F40B}\InprocServer32\: "%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: "PriceMinus"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: ""%Program Files%\PriceMinus\hKhiUjgidwnN3x.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\PROGRA~1\RELAYD~1\RELAYD~1.DLL",_uninstall /un"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\DisplayName: "LibraryFunc"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: "bestadblocker"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: ""%Program Files%\bestadblocker\cDRcGl3nfyaVfu.exe" /s /n…

Multiplug-FYP

Multiplug-FYP also known as Gen:Variant.Application.Graftor.184894, HW32.Packed.9D00.
Malware Analysis of Multiplug-FYP – RELAYDOUBLE.DLL
Created files:
  %Program Files%\PRiceMinuus\PRiceMinuus.dat
  %Program Files%\PRiceMinuus\PRiceMinuus.exe
  %Program Files%\RelayDouble\RelayDouble.dll
  %Program Files%\Turntable fm Extended\Turntable fm Extended.dat
  %Program Files%\Turntable fm Extended\Turntable fm Extended.exe
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{B05F2877-D6B2-46E5-80AF-75A657AE0663}\InprocServer32\: "%Program Files%\PriceMinus\hKhiUjgidwnN3x.dll"
  HKLM\Software\Classes\CLSID\{EC53FB14-0DF2-41D8-9710-6F7B9BA3F40B}\InprocServer32\: "%Program Files%\bestadblocker\cDRcGl3nfyaVfu.dll"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: "PriceMinus"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: ""%Program Files%\PriceMinus\hKhiUjgidwnN3x.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f9c5f880}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\PROGRA~1\RELAYD~1\RELAYD~1.DLL",_uninstall /un"…

PUP.Optional.Bershnet

PUP.Optional.Bershnet also known as Trojan.Win32.DownLoader12.dowcfo, W32/Dlhelper.A.gen!Eldorado, PE:Malware.Agent!6.1CD7.
Malware Analysis of PUP.Optional.Bershnet – 270315062329224.EXE
Created files:
  %Temp%\2B33F78E-9917-4F9A-BFD5-CA44AF71EAD6.exe
  %Temp%\42345D30-A587-44A2-AF3F-A6B0ED692B5E.exe
  %Temp%\Downloader\270315062329224.exe
  %Temp%\mailruupdater_tmp.exe
  %Temp%\ZaxarSetup.4.001.33.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZaxarLoader: ""%Program Files%\Zaxar\ZaxarLoader.exe" /verysilent"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Timestasks: ""C:\ProgramData\TimeTasks\TimeTasksSetup.exe" /adv= /S"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartSearch\DisplayName: "SmartSearch"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartSearch\UninstallString: ""%Appdata%\SmartSearch\SmartSearch.exe" /uninstall"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser\DisplayName: "Zaxar Games Browser"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZaxarGameBrowser\UninstallString: ""%Program Files%\Zaxar\uninstall.exe""
Detected by UnHackMe: 270315062329224.EXE
Default location: %TEMP%\DOWNLOADER\270315062329224.EXE
Dropper hash (md5): e1428c75d6237982858544cafe1674a2

FraudTool.YAC

FraudTool.YAC also known as TR/Elex.2336080.8, Riskware/Elex, Artemis!BC024F533F63.
Malware Analysis of FraudTool.YAC – ISAFEDOWNLOADER.EXE
Created files:
  %Appdata%\eCyber\log\isafedownloader.log
  %Temp%\nsl2.tmp\BasicDlg.dll
  %Temp%\nsl2.tmp\System.dll
  %Temp%\~3\data
  %Temp%\~3\iSafeDownloader.exe
Detected by UnHackMe: ISAFEDOWNLOADER.EXE
Default location: %TEMP%\~3\ISAFEDOWNLOADER.EXE
Dropper hash (md5): 5c3423fc24bc697b5fecbbb790d972d3

HEUR/QVM41.1.Malware.Gen

HEUR/QVM41.1.Malware.Gen also known as OptimizerPro, Adware ( 004a9c571 ), Artemis!46ACA093F842.
Malware Analysis of HEUR/QVM41.1.Malware.Gen – OPPROSETUP.EXE
Created files:
  %Temp%\BB0a5a991d7\temp\EzDownloader_setup.exe
  %Temp%\BB0a5a991d7\temp\hpds_setup.exe
  %Temp%\BB0a5a991d7\temp\OpProSetup.exe
  %Temp%\BB0a5a991d7\temp\putfu.exe
  %Temp%\BB0a5a991d7\temp\setupbc.exe
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{6960dfdc-e345-4b2d-967e-f15d16374e72}\InprocServer32\: "%Program Files%\YoutubeAdBlocke\Ni7A8JtTUau6US.dll"
  HKLM\Software\Classes\CLSID\{9861045a-10e8-4fea-9f2c-452d5ea98a47}\InprocServer32\: "%Program Files%\GoSave\mW9YTjlxUc3WVT.dll"
  HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: "%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll"
  HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\DisplayName: "WebSearch"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\DisplayName: "Local Group Policy"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: "LiveSupport"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: ""%Program Files%\LiveSupport\unins000.exe""
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: "Optimizer Pro v3.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: …

Win32.Trojan.Deshacop.Pdmf

Win32.Trojan.Deshacop.Pdmf also known as Trojan.Deshacop!, Uds.Dangerousobject.Multi!c, Trojan/Win32.ShadowDeleter.R174467.
Malware Analysis of Win32.Trojan.Deshacop.Pdmf – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Virus.Win32.Induc.A

Virus.Win32.Induc.A also known as W32.eHeur.Malware09, Win32.Induc.b.820224, Virus.Win32.Induc.a (v).
Malware Analysis of Virus.Win32.Induc.A – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: …

Trojan.Win32.Agent.5632.AQ[h]

Trojan.Win32.Agent.5632.AQ[h] also known as Trojan.ShadowDeleter, Trojan.ShadowDelete.A, TROJ_DESHACOP.SM.
Malware Analysis of Trojan.Win32.Agent.5632.AQ[h] – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Application.Win32.Agent.hkhpm

Application.Win32.Agent.hkhpm also known as PUP.Optional.Reimage.
Malware Analysis of Application.Win32.Agent.hkhpm – REIMAGEREMINDER.EXE
Created files:
  %Program Files%\Reimage\Reimage Repair\Reimage.exe
  %Program Files%\Reimage\Reimage Repair\Reimageicon.ico
  %Program Files%\Reimage\Reimage Repair\ReimageReminder.exe
  %Program Files%\Reimage\Reimage Repair\ReimageRepair.exe
  %Program Files%\Reimage\Reimage Repair\ReimageSafeMode.exe
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32\: "%Program Files%\Reimage\Reimage Repair\REI_Axcontrol.dll"
  HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32\: "%Program Files%\Reimage\Reimage Repair\REI_Axcontrol.dll"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair\DisplayName: "Reimage Repair"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair\UninstallString: "%Program Files%\Reimage\Reimage Repair\uninst.exe"
  HKLM\System\CurrentControlSet\services\ReimageRealTimeProtector\ImagePath: "%Program Files%\Reimage\Reimage Protector\ReiGuard.exe"
  HKLM\System\CurrentControlSet\services\ReimageRealTimeProtector\DisplayName: "Reimage Real…

Win32.Induc

Win32.Induc also known as W32/Induc.A, W32.eHeur.Malware09, Win32.Induc.b.820224.
Malware Analysis of Win32.Induc – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: IPODPCTRANSFER.EXE

Trojan ( 004de6f91 )

Trojan ( 004de6f91 ) also known as Generic_r.HJK, Trojan.ShadowDelete.A (B), Win32.Trojan.WisdomEyes.16070401.9500.9867.
Malware Analysis of Trojan ( 004de6f91 ) – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Ransom.Tescrypt!8.3AF-NGka8Np2Ox (cloud)

Ransom.Tescrypt!8.3AF-NGka8Np2Ox (cloud) also known as Trojan.ShadowDelete.A, Trojan.Win32.Generic!BT, TROJ_DESHACOP.SM.
Malware Analysis of Ransom.Tescrypt!8.3AF-NGka8Np2Ox (cloud) – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

W32/Induc.A

W32/Induc.A also known as PE_INDUC.A, Virus/Win32.Induc.b, W32.eHeur.Malware09.
Malware Analysis of W32/Induc.A – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: IPODPCTRANSFER.EXE

Trojan.Agent.BQLR

Trojan.Agent.BQLR also known as Packed.Win32.Tpyn, FileCryptor.HBF, Trojan.Win32.Generic!BT.
Malware Analysis of Trojan.Agent.BQLR – YHWRMBSDARYV.EXE
Created files:
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.PNG
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.TXT
  %WINDIR%\YHWRMBSDARYV.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: YHWRMBSDARYV.EXE
Default location: %WinDir%\YHWRMBSDARYV.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Malware.Generic!c7HuIl66yW@5 (thunder)

Malware.Generic!c7HuIl66yW@5 (thunder) also known as PUP/Win32.Systweak.R191022, Unwanted-Program ( 004ff2ab1 ).
Malware Analysis of Malware.Generic!c7HuIl66yW@5 (thunder) – SECUREPCTUNEUP.EXE
Created files:
  %Program Files%\SecurePCTuneup\russian_pcp_ru.ini
  %Program Files%\SecurePCTuneup\russian_uninst_ru.ini
  %Program Files%\SecurePCTuneup\SecurePCTuneup.exe
  %Program Files%\SecurePCTuneup\Spanish_pcp.ini
  %Program Files%\SecurePCTuneup\spanish_uninst.ini
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\DisplayName: "SecurePCTuneup"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\UninstallString: ""%Program Files%\SecurePCTuneup\unins000.exe" /silent"
  HKLM\SOFTWARE\CLASSES\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
Detected by UnHackMe: SECUREPCTUNEUP.EXE
Default location: %PROGRAM FILES%\SECUREPCTUNEUP\SECUREPCTUNEUP.EXE
Dropper…

Riskware.Win32.DomaIQ.dcqadb

Riskware.Win32.DomaIQ.dcqadb also known as Trojan.Win32.Generic!BT, BehavesLike.Win32.Dropper.lm.
Malware Analysis of Riskware.Win32.DomaIQ.dcqadb – TVSLIABUMVEEFMZ.EXE
Created files:
  %TEMP%\A4A9BFE2-47AC-4ACE-99E5-F0AA9A22AF740\PARENT.TXT
  %TEMP%\PARENT.TXT
  %TEMP%\TVSLIABUMVEEFMZ.EXE
  %TEMP%\TVSLIABUMVEEFMZ.EXE.CONFIG
Detected by UnHackMe: TVSLIABUMVEEFMZ.EXE
Default location: %TEMP%\TVSLIABUMVEEFMZ.EXE
Dropper hash (md5): f1d796a69e61e5d5c98f3526eb03f693

a variant of Win32/SuperTuneup.B potentially unwanted

a variant of Win32/SuperTuneup.B potentially unwanted also known as Malware.Generic!c7HuIl66yW@5 (thunder), PUA/Systweak.Gen4.
Malware Analysis of a variant of Win32/SuperTuneup.B potentially unwanted – SECUREPCTUNEUP.EXE
Created files:
  %Program Files%\SecurePCTuneup\russian_pcp_ru.ini
  %Program Files%\SecurePCTuneup\russian_uninst_ru.ini
  %Program Files%\SecurePCTuneup\SecurePCTuneup.exe
  %Program Files%\SecurePCTuneup\Spanish_pcp.ini
  %Program Files%\SecurePCTuneup\spanish_uninst.ini
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\DisplayName: "SecurePCTuneup"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\UninstallString: ""%Program Files%\SecurePCTuneup\unins000.exe" /silent"
  HKLM\SOFTWARE\CLASSES\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
Detected by UnHackMe: …

Win32.Induc.A

Win32.Induc.A also known as Virus.Win32.Induc, Virus/Win32.Induc.b, W32/Induc.A.
Malware Analysis of Win32.Induc.A – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: IPODPCTRANSFER.EXE

Win32/Induc

Win32/Induc also known as BehavesLike.Win32.Dropper.th, Virus ( f10009011 ), W32/Induc.A.
Malware Analysis of Win32/Induc – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected…

Trojan.Win32.Deshacop

Trojan.Win32.Deshacop also known as TROJ_DESHACOP.SM, Trojan.Win32.Generic!BT, Ransom:Win32/Tescrypt.J.
Malware Analysis of Trojan.Win32.Deshacop – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

BehavesLike.Win32.Skintrim.jc

BehavesLike.Win32.Skintrim.jc also known as Win32.Trojan.Filecoder.Wuqs, Win32.Trojan.Filecoder.k.
Malware Analysis of BehavesLike.Win32.Skintrim.jc – YHWRMBSDARYV.EXE
Created files:
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.PNG
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.TXT
  %WINDIR%\YHWRMBSDARYV.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: YHWRMBSDARYV.EXE
Default location: %WinDir%\YHWRMBSDARYV.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

BehavesLike.Win32.Dropper.lm

BehavesLike.Win32.Dropper.lm also known as TROJ_GEN.R0CBC0EAE14, Trojan/Win32.Blocker, PUA.MSIL.DomaIQ.
Malware Analysis of BehavesLike.Win32.Dropper.lm – TVSLIABUMVEEFMZ.EXE
Created files:
  %TEMP%\A4A9BFE2-47AC-4ACE-99E5-F0AA9A22AF740\PARENT.TXT
  %TEMP%\PARENT.TXT
  %TEMP%\TVSLIABUMVEEFMZ.EXE
  %TEMP%\TVSLIABUMVEEFMZ.EXE.CONFIG
Detected by UnHackMe: TVSLIABUMVEEFMZ.EXE
Default location: %TEMP%\TVSLIABUMVEEFMZ.EXE
Dropper hash (md5): f1d796a69e61e5d5c98f3526eb03f693

Trojan.Filecoder.Win32.1977

Trojan.Filecoder.Win32.1977 also known as Trojan.Filecoder!ruAhSjQ0894, W32/TeslaCrypt.YXHI-2418, Ransom.TeslaCrypt.
Malware Analysis of Trojan.Filecoder.Win32.1977 – YHWRMBSDARYV.EXE
Created files:
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.PNG
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.TXT
  %WINDIR%\YHWRMBSDARYV.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: YHWRMBSDARYV.EXE
Default location: %WinDir%\YHWRMBSDARYV.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Scan Failed…

Scan Failed… also known as Trojan.MSIL.Vittalia.D, PUP.Optional.BrowserProtect.A.
Malware Analysis of Scan Failed… – SRVBROWSERPROTECT.EXE
Created files:
  %Program Files%\BrowserProtect\proxy\zlibwapi.dll
  %Program Files%\BrowserProtect\search-with-eazelbar.xml
  %Program Files%\BrowserProtect\srvBrowserProtect.exe
  %Program Files%\BrowserProtect\translations.xml
  %Program Files%\BrowserProtect\uninstall.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserProtect\DisplayName: "BrowserProtect"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserProtect\UninstallString: "%Program Files%\BrowserProtect\uninstall.exe"
  HKLM\System\CurrentControlSet\services\srvBrowserProtect\ImagePath: "%Program Files%\BrowserProtect\srvBrowserProtect.exe"
  HKLM\System\CurrentControlSet\services\srvBrowserProtect\DisplayName: "Browser Protect"
  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4158BD8D-2CDA-4BFC-8B7D-B6BFD1345CED}\DisplayName: "EazelBar Search"
Detected by UnHackMe: SRVBROWSERPROTECT.EXE
Default location: %PROGRAM FILES%\BROWSERPROTECT\SRVBROWSERPROTECT.EXE
Dropper hash (md5): dde5f3a113ed70631a59a2fbc8a4cd05

Trojan.MSIL.Vittalia.D

Trojan.MSIL.Vittalia.D also known as Trojan.MSIL.Agent!O, Scan Failed….
Malware Analysis of Trojan.MSIL.Vittalia.D – SRVBROWSERPROTECT.EXE
Created files:
  %Program Files%\BrowserProtect\proxy\zlibwapi.dll
  %Program Files%\BrowserProtect\search-with-eazelbar.xml
  %Program Files%\BrowserProtect\srvBrowserProtect.exe
  %Program Files%\BrowserProtect\translations.xml
  %Program Files%\BrowserProtect\uninstall.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserProtect\DisplayName: "BrowserProtect"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserProtect\UninstallString: "%Program Files%\BrowserProtect\uninstall.exe"
  HKLM\System\CurrentControlSet\services\srvBrowserProtect\ImagePath: "%Program Files%\BrowserProtect\srvBrowserProtect.exe"
  HKLM\System\CurrentControlSet\services\srvBrowserProtect\DisplayName: "Browser Protect"
  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4158BD8D-2CDA-4BFC-8B7D-B6BFD1345CED}\DisplayName: "EazelBar Search"
Detected by UnHackMe: SRVBROWSERPROTECT.EXE
Default location: %PROGRAM FILES%\BROWSERPROTECT\SRVBROWSERPROTECT.EXE
Dropper hash (md5): dde5f3a113ed70631a59a2fbc8a4cd05

Artemis!27B5E4D4FE80

Artemis!27B5E4D4FE80 also known as GrayWare[AdWare:not-a-virus,HEUR]/MSIL.DomaIQ, PUA.MSIL.DomaIQ, Win32.Troj.Undef.(kcloud).
Malware Analysis of Artemis!27B5E4D4FE80 – TVSLIABUMVEEFMZ.EXE
Created files:
  %TEMP%\A4A9BFE2-47AC-4ACE-99E5-F0AA9A22AF740\PARENT.TXT
  %TEMP%\PARENT.TXT
  %TEMP%\TVSLIABUMVEEFMZ.EXE
  %TEMP%\TVSLIABUMVEEFMZ.EXE.CONFIG
Detected by UnHackMe: TVSLIABUMVEEFMZ.EXE
Default location: %TEMP%\TVSLIABUMVEEFMZ.EXE
Dropper hash (md5): f1d796a69e61e5d5c98f3526eb03f693

Trojan.Generic-5K7s8wdcVbF (cloud)

Trojan.Generic-5K7s8wdcVbF (cloud) also known as TrojWare.Win32.Kryptik.FRV, trojan.win32.dorv.b!rfn, PWS-Zbot.
Malware Analysis of Trojan.Generic-5K7s8wdcVbF (cloud) – FUOWKA.EXE
Created files:
  %LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\TMP.EDB
  %TEMP%\PPCRLUI_2460_2
  %APPDATA%\IDAS\FUOWKA.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FUOWKA: "%APPDATA%\IDAS\FUOWKA.EXE"
Detected by UnHackMe: FUOWKA.EXE
Default location: %APPDATA%\IDAS\FUOWKA.EXE
Dropper hash (md5): e7ace17990a53c799ef9365c621686d4

Virus.Win32.Induc

Virus.Win32.Induc also known as Virus.Induc!1.9B53 (classic), Virus.Win32.Induct.1!O, Virus.Win32.Induc.c.
Malware Analysis of Virus.Win32.Induc – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: …

Win.Trojan.Agent-1380832

Win.Trojan.Agent-1380832 also known as Trojan.Agent.BQLR, HEUR/QVM07.1.Malware.Gen, Trojan.Win32.Encoder.eaieyo.
Malware Analysis of Win.Trojan.Agent-1380832 – YHWRMBSDARYV.EXE
Created files:
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.PNG
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.TXT
  %WINDIR%\YHWRMBSDARYV.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: YHWRMBSDARYV.EXE
Default location: %WinDir%\YHWRMBSDARYV.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e

Virus ( f10009011 )

Virus ( f10009011 ) also known as Win32.Induc.A, W32/Induc.A.
Malware Analysis of Virus ( f10009011 ) – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC…

Virus.Induc!1.9B53 (classic)

Virus.Induc!1.9B53 (classic) also known as Win.Virus.Induc-2, W32.Induc.A, Win32/Induc.a.
Malware Analysis of Virus.Induc!1.9B53 (classic) – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by…

Generic.46B

Generic.46B also known as PUP/Win32.Systweak.R191022, PUA/Systweak.Gen4, Unwanted-Program ( 004ff2ab1 ).
Malware Analysis of Generic.46B – SECUREPCTUNEUP.EXE
Created files:
  %Program Files%\SecurePCTuneup\russian_pcp_ru.ini
  %Program Files%\SecurePCTuneup\russian_uninst_ru.ini
  %Program Files%\SecurePCTuneup\SecurePCTuneup.exe
  %Program Files%\SecurePCTuneup\Spanish_pcp.ini
  %Program Files%\SecurePCTuneup\spanish_uninst.ini
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\DisplayName: "SecurePCTuneup"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurePCTuneup_is1\UninstallString: ""%Program Files%\SecurePCTuneup\unins000.exe" /silent"
  HKLM\SOFTWARE\CLASSES\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
  HKLM\SOFTWARE\CLASSES\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
Detected by UnHackMe: SECUREPCTUNEUP.EXE
Default location: %PROGRAM FILES%\SECUREPCTUNEUP\SECUREPCTUNEUP.EXE
Dropper hash (md5): …

W32/Induc

W32/Induc also known as Win32/Induc, Virus:Win32/Induc.A, Virus.Win32.Induc.
Malware Analysis of W32/Induc – IPODPCTRANSFER.EXE
Created files:
  %PUBLIC%\DESKTOP\IPOD PC TRANSFER.LNK
  %Program Files%\iPod PC Transfer\const.idx
  %Program Files%\iPod PC Transfer\IpodPcTransfer.exe
  %Program Files%\iPod PC Transfer\ipodpthlp.chm
  %Program Files%\iPod PC Transfer\unins000.dat
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\DisplayName: "iPod PC Transfer 4.2"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iPod PC Transfer_is1\UninstallString: ""%Program Files%\iPod PC Transfer\unins000.exe""
Detected by UnHackMe: IPODPCTRANSFER.EXE

Trojan.Win32.Katusha.cqkwwd

Trojan.Win32.Katusha.cqkwwd also known as Packed.Win32.Katusha.aa, TROJ_KRYPTK.SMN5, Trojan.VIZ.Gen.1.
Malware Analysis of Trojan.Win32.Katusha.cqkwwd – FUOWKA.EXE
Created files:
  %LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\TMP.EDB
  %TEMP%\PPCRLUI_2460_2
  %APPDATA%\IDAS\FUOWKA.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FUOWKA: "%APPDATA%\IDAS\FUOWKA.EXE"
Detected by UnHackMe: FUOWKA.EXE
Default location: %APPDATA%\IDAS\FUOWKA.EXE
Dropper hash (md5): e7ace17990a53c799ef9365c621686d4

Trojan/Win32.Deshacop

Trojan/Win32.Deshacop also known as TrojWare.Win32.Deshacop.AA, Trojan/Win32.ShadowDeleter.R174467, Ransom.Tescrypt!8.3AF-NGka8Np2Ox (cloud).
Malware Analysis of Trojan/Win32.Deshacop – JWABO.EXE
Created files:
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SITESECURITYSERVICESTATE.TXT.MP3
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\RECOVERY+YQPYN.PNG
  %PROFILE%\DOCUMENTS\JWABO.EXE
  %PROFILE%\DOCUMENTS\RECOVER_FILE_TPRQEQCQF.TXT
  %SYSTEMDRIVE%\USERS\RECOVERY+YQPYN.HTML
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: "%WINDIR%\YHWRMBSDARYV.EXE"
Detected by UnHackMe: JWABO.EXE
Default location: %PROFILE%\DOCUMENTS\JWABO.EXE
Dropper hash (md5): d7f25ad7ffdca8585c1ff260ddf0f78e
