W32/Adware.LPZX-0671


W32/Adware.LPZX-0671 is also known as Adware ( 004ba7c21 ), Generic.8ED.

Malware Analysis of W32/Adware.LPZX-0671 – CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE

Created files:

%SYSTEMDRIVE%\ADWCLEANER\ADWCLEANER[S0].TXT
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017032220170323\CONTAINER.DAT
%TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
%TEMP%\TMP75C9.TMP
%TEMP%\TMPF108.TMP

Autostart registry keys:

HKLM\SOFTWARE\CLASSES\IQAHTM.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE" -- "%1""
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IQA.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI\DisplayName: "Adobe Flash Player 19 PPAPI"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER PPAPI\UNINSTALLSTRING: "%SYSDIR%\MACROMED\FLASH\FLASHUTIL32_19_0_0_226_PEPPER.EXE -MAINTAIN PEPPERPLUGIN"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADOBEFLASHPLAYERUPDATESVC\IMAGEPATH: "%SYSDIR%\MACROMED\FLASH\FLASHPLAYERUPDATESERVICE.EXE"
HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\DisplayName: "Adobe Flash Player Update Service"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DESKBAR: "%LOCAL APPDATA%\IQA\APPLICATION\UNINSTALL\DESKBAR.EXE -SEARCH_DOMAIN=SEARCH.IQASEARCH.COM"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InternetQuickAccess\DisplayName: "IQA"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTERNETQUICKACCESS\UNINSTALLSTRING: "%LOCAL APPDATA%\IQA\APPLICATION\UNINSTALL\UNINSTALL.EXE -UNINSTALL"
HKCU\SOFTWARE\INTERNETQUICKACCESS\UNINSTALLSTRING: "%LOCAL APPDATA%\IQA\APPLICATION\48.0.2554.0\INSTALLER\SETUP.EXE"

Detected by UnHackMe:

CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
DEFAULT LOCATION: %TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE

Dropper hash (MD5): 7a861a3426a18709e363abdd97e0d4c8

Written by Malware Hunter.
