Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware. UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!
W32/Adware.LPZX-0671 also known as Adware ( 004ba7c21 ), Generic.8ED.
Malware Analysis of W32/Adware.LPZX-0671 – CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
Created files:
%SYSTEMDRIVE%\ADWCLEANER\ADWCLEANER[S0].TXT
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017032220170323\CONTAINER.DAT
%TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
%TEMP%\TMP75C9.TMP
%TEMP%\TMPF108.TMP
Autostart registry keys:
HKLM\SOFTWARE\CLASSES\IQAHTM.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE” -- “%1””
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IQA.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI\DisplayName: “Adobe Flash Player 19 PPAPI”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER PPAPI\UNINSTALLSTRING: “%SYSDIR%\MACROMED\FLASH\FLASHUTIL32_19_0_0_226_PEPPER.EXE -MAINTAIN PEPPERPLUGIN”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADOBEFLASHPLAYERUPDATESVC\IMAGEPATH: “%SYSDIR%\MACROMED\FLASH\FLASHPLAYERUPDATESERVICE.EXE”
HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\DisplayName: “Adobe Flash Player Update Service”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DESKBAR: “%LOCAL APPDATA%\IQA\APPLICATION\UNINSTALL\DESKBAR.EXE -SEARCH_DOMAIN=SEARCH.IQASEARCH.COM”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InternetQuickAccess\DisplayName: “IQA”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNETQUICKACCESS\UNINSTALLSTRING: “%LOCAL APPDATA%\IQA\APPLICATION\UNINSTALL\UNINSTALL.EXE -UNINSTALL”
HKCU\SOFTWARE\INTERNETQUICKACCESS\UNINSTALLSTRING: “%LOCAL APPDATA%\IQA\APPLICATION\48.0.2554.0\INSTALLER\SETUP.EXE”
Detected by UnHackMe:
CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
DEFAULT LOCATION: %TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
Dropper hash(md5): 7a861a3426a18709e363abdd97e0d4c8
UnHackMe removes malware invisible to your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses a minimum of computer resources.