Malware Analysis of Backdoor.Ramnit.Win32.1598 – XUL.DLL
Created files:
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\SOFTOKN3.DLL
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\UPDATER.EXE
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XUL.DLL
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XULRUNNER-STUB.EXE
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XULRUNNER.EXE
Autostart registry keys:
Detected by UnHackMe:
XUL.DLL
DEFAULT LOCATION: %COMMON APPDATA%\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XUL.DLL
Dropper hash (MD5): d13fca22a47acc3c0a7cb6889bd606e4