Category Archives: Adware

Adware.MultiPlug.JA

Adware.MultiPlug.JA is also known as Riskware/MultiPlug, Generic6.ADUU and Application.Win32.MultiPlug.VD.

Malware Analysis of Adware.MultiPlug.JA – 064F610F472020D6BF007948AECF2F23.EXE

Created files:
%STARTUP%\064F610F472020D6BF007948AECF2F23.LNK
%COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.DAT
%COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.EXE
%TEMP%\WER4ED.TMP.APPCOMPAT.TXT
%TEMP%\WER56B.TMP.MDMP

Detected by UnHackMe: 064F610F472020D6BF007948AECF2F23.EXE
Default location: %COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.EXE
Dropper hash (md5): 064f610f472020d6bf007948aecf2f23

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


Adware.MultiPlug.JA (B)

Adware.MultiPlug.JA (B) is also known as suspected of Heur.Malware-Cryptor.Multiplug, Adware.MultiPlug.JA and Application.Win32.MultiPlug.VD.

Malware Analysis of Adware.MultiPlug.JA (B) – 064F610F472020D6BF007948AECF2F23.EXE

Created files:
%STARTUP%\064F610F472020D6BF007948AECF2F23.LNK
%COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.DAT
%COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.EXE
%TEMP%\WER4ED.TMP.APPCOMPAT.TXT
%TEMP%\WER56B.TMP.MDMP

Detected by UnHackMe: 064F610F472020D6BF007948AECF2F23.EXE
Default location: %COMMON APPDATA%\{F2EB96AC-6697-F1A0-F2EB-B96AC6695AB1}\064F610F472020D6BF007948AECF2F23.EXE
Dropper hash (md5): 064f610f472020d6bf007948aecf2f23

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


W32.HfsAdware.C106

W32.HfsAdware.C106 is also known as AdWare/MultiPlug.ednb, W32/S-1f722880!Eldorado and Unwanted-Program ( 0040f9be1 ).

Malware Analysis of W32.HfsAdware.C106 – 04B89D8FC0E7EDB4D999E5597D9986B3.EXE

Created files:
%TEMP%\2980\IMAGES\LOADER.GIF
%TEMP%\2980\IMAGES\PROGRESSBAR.GIF
%TEMP%\2980\TEMP\1.INI.TMP
%TEMP%\2980\TEMP\BG.CA
%TEMP%\2980\TEMP\04B89D8FC0E7EDB4D999E5597D9986B3.EXE

Detected by UnHackMe: 04B89D8FC0E7EDB4D999E5597D9986B3.EXE
Default location: %TEMP%\2980\TEMP\04B89D8FC0E7EDB4D999E5597D9986B3.EXE
Dropper hash (md5): 04b89d8fc0e7edb4d999e5597d9986b3

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


AdWare/MultiPlug.ednb

AdWare/MultiPlug.ednb is also known as not-a-virus:AdWare.Win32.MultiPlug.bwof, Trojan.Crossrider1.22268 and PUA/Multiplug.aoa.

Malware Analysis of AdWare/MultiPlug.ednb – 04B89D8FC0E7EDB4D999E5597D9986B3.EXE

Created files:
%TEMP%\2980\IMAGES\LOADER.GIF
%TEMP%\2980\IMAGES\PROGRESSBAR.GIF
%TEMP%\2980\TEMP\1.INI.TMP
%TEMP%\2980\TEMP\BG.CA
%TEMP%\2980\TEMP\04B89D8FC0E7EDB4D999E5597D9986B3.EXE

Detected by UnHackMe: 04B89D8FC0E7EDB4D999E5597D9986B3.EXE
Default location: %TEMP%\2980\TEMP\04B89D8FC0E7EDB4D999E5597D9986B3.EXE
Dropper hash (md5): 04b89d8fc0e7edb4d999e5597d9986b3

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


W32.HfsAdware.5E15

W32.HfsAdware.5E15 is also known as not-a-virus:AdWare.Win32.MultiPlug.bwof, suspected of Heur.Malware-Cryptor.Multiplug and a variant of Win32/Adware.MultiPlug.ES.

Malware Analysis of W32.HfsAdware.5E15 – 009A2F0499DB42A22AA194CBD6076C7B.EXE

Created files:
%TEMP%\F2E8F\IMAGES\LOADER.GIF
%TEMP%\F2E8F\IMAGES\PROGRESSBAR.GIF
%TEMP%\F2E8F\TEMP\BG.CA
%TEMP%\F2E8F\TEMP\009A2F0499DB42A22AA194CBD6076C7B.EXE

Detected by UnHackMe: 009A2F0499DB42A22AA194CBD6076C7B.EXE
Default location: %TEMP%\F2E8F\TEMP\009A2F0499DB42A22AA194CBD6076C7B.EXE
Dropper hash (md5): 009a2f0499db42a22aa194cbd6076c7b

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


ADWARE/NetFilter.hinwj

ADWARE/NetFilter.hinwj is also known as Tool.NetFilter.Win32.8114, AdWare.NetFilter and Riskware ( 0040eff71 ).

Malware Analysis of ADWARE/NetFilter.hinwj – 77C393E26258A0A7F0BF3FADE908F92F.SYS

Created files:
%APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\WEBAPPSSTORE.SQLITE-SHM
%APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\WEBAPPSSTORE.SQLITE-WAL
%SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS
%SYSDIR%\SSL\CERT.DB
%SYSDIR%\SSL\D74E62A41E998FD2.CER

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7268bb3b6510402b655e42bf789abbb6\DisplayName: “Social2Search”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\7268BB3B6510402B655E42BF789ABBB6\UNINSTALLSTRING: “%WINDIR%\20451995DFA37CBEF8C6500A099C09FA.EXE”
HKLM\System\CurrentControlSet\services\7268bb3b6510402b655e42bf789abbb6\ImagePath: “”%Program Files%\7268bb3b6510402b655e42bf789abbb6\87cf1028ea29c6e0d1f4286541ae4c54.exe””
HKLM\System\CurrentControlSet\services\7268bb3b6510402b655e42bf789abbb6\DisplayName: “7268bb3b6510402b655e42bf789abbb6”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\77C393E26258A0A7F0BF3FADE908F92F\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS”
HKLM\System\CurrentControlSet\services\77c393e26258a0a7f0bf3fade908f92f\DisplayName: “77c393e26258a0a7f0bf3fade908f92f”

Detected by UnHackMe: 77C393E26258A0A7F0BF3FADE908F92F.SYS
Default location: %SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS
Dropper hash (md5): 3ecaf674d30ff9ff3e6a39ce6d2303e6

UnHackMe removes malware that is invisible to your…


Adware.Win32.DomaIQ.Auhk

Adware.Win32.DomaIQ.Auhk is also known as Obfuscated.gen!r and Win32/Virus.Adware.253.

Malware Analysis of Adware.Win32.DomaIQ.Auhk – COWNWELHZKLNQYV.EXE

Created files:
%TEMP%\BFC113B8-1B8A-4578-9E58-D8BDE37B87E30\CONFIG.DMC
%TEMP%\BFC113B8-1B8A-4578-9E58-D8BDE37B87E30\PARENT.TXT
%TEMP%\COWNWELHZKLNQYV.EXE
%TEMP%\COWNWELHZKLNQYV.EXE.CONFIG
%TEMP%\PARENT.TXT

Detected by UnHackMe: COWNWELHZKLNQYV.EXE
Default location: %TEMP%\COWNWELHZKLNQYV.EXE
Dropper hash (md5): 3ae57697c12d8979635619a191186c1e

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Adware.Eorezo.Win32.18259

Adware.Eorezo.Win32.18259 is also known as Trojan.Win32.Agent.dzchtg, Trojan.Win32.Snojan.mbp and Gen:Variant.Zusy.210837.

Malware Analysis of Adware.Eorezo.Win32.18259 – ZXGVK5CA7MMDWGX.EXE

Created files:
%COMMON APPDATA%\CHROME\ZXGVK5CA7MMDWGX.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\V4TKNODPPEBHQTHSR1L: “%COMMON APPDATA%\CHROME\ZXGVK5CA7MMDWGX.EXE”

Detected by UnHackMe: ZXGVK5CA7MMDWGX.EXE
Default location: %COMMON APPDATA%\CHROME\ZXGVK5CA7MMDWGX.EXE
Dropper hash (md5): 0f2adf0f40127ab9f3bb6d8cba9bc791

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Adware.Wajam.318

Adware.Wajam.318 is also known as Trj/CI.A, TROJ_GEN.R00JH0ECO17 and ADWARE/NetFilter.hinwj.

Malware Analysis of Adware.Wajam.318 – 77C393E26258A0A7F0BF3FADE908F92F.SYS

Created files:
%APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\WEBAPPSSTORE.SQLITE-SHM
%APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\WEBAPPSSTORE.SQLITE-WAL
%SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS
%SYSDIR%\SSL\CERT.DB
%SYSDIR%\SSL\D74E62A41E998FD2.CER

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7268bb3b6510402b655e42bf789abbb6\DisplayName: “Social2Search”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\7268BB3B6510402B655E42BF789ABBB6\UNINSTALLSTRING: “%WINDIR%\20451995DFA37CBEF8C6500A099C09FA.EXE”
HKLM\System\CurrentControlSet\services\7268bb3b6510402b655e42bf789abbb6\ImagePath: “”%Program Files%\7268bb3b6510402b655e42bf789abbb6\87cf1028ea29c6e0d1f4286541ae4c54.exe””
HKLM\System\CurrentControlSet\services\7268bb3b6510402b655e42bf789abbb6\DisplayName: “7268bb3b6510402b655e42bf789abbb6”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\77C393E26258A0A7F0BF3FADE908F92F\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS”
HKLM\System\CurrentControlSet\services\77c393e26258a0a7f0bf3fade908f92f\DisplayName: “77c393e26258a0a7f0bf3fade908f92f”

Detected by UnHackMe: 77C393E26258A0A7F0BF3FADE908F92F.SYS
Default location: %SYSDIR%\DRIVERS\77C393E26258A0A7F0BF3FADE908F92F.SYS
Dropper hash (md5): 3ecaf674d30ff9ff3e6a39ce6d2303e6

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is…


AdWare/Generic.kur

AdWare/Generic.kur is also known as PUP/Win32.MultiPlug.R162150, Application.Win32.MultiPlug.HE and Win32:Xpaj-gen.

Malware Analysis of AdWare/Generic.kur – 2E201E9E4504C1A9AFCDB863E944B6B2.EXE

Created files:
%COMMON APPDATA%\{824F1FA6-CE6D-0495-824F-F1FA6CE67E9B}\92E1448C33310117
%COMMON APPDATA%\{824F1FA6-CE6D-0495-824F-F1FA6CE67E9B}\2E201E9E4504C1A9AFCDB863E944B6B2.DAT
%COMMON APPDATA%\{824F1FA6-CE6D-0495-824F-F1FA6CE67E9B}\2E201E9E4504C1A9AFCDB863E944B6B2.EXE
%SYSDIR%\TASKS\HDPROTECT
%WINDIR%\TASKS\HDPROTECT.JOB

Detected by UnHackMe: 2E201E9E4504C1A9AFCDB863E944B6B2.EXE
Default location: %COMMON APPDATA%\{824F1FA6-CE6D-0495-824F-F1FA6CE67E9B}\2E201E9E4504C1A9AFCDB863E944B6B2.EXE
Dropper hash (md5): 2e201e9e4504c1a9afcdb863e944b6b2

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


W32.HfsAdware.BA11

W32.HfsAdware.BA11 is also known as a variant of Win32/Adware.MultiPlug.ES, not-a-virus:AdWare.Win32.MultiPlug.bwof and Gen:Variant.Adware.Mikey.7658.

Malware Analysis of W32.HfsAdware.BA11 – 6B0D8EF028A0776DA5DF91CBEFF8B3E1.EXE

Created files:
%TEMP%\C80085\IMAGES\LOADER.GIF
%TEMP%\C80085\IMAGES\PROGRESSBAR.GIF
%TEMP%\C80085\TEMP\BG.CA
%TEMP%\C80085\TEMP\6B0D8EF028A0776DA5DF91CBEFF8B3E1.EXE

Detected by UnHackMe: 6B0D8EF028A0776DA5DF91CBEFF8B3E1.EXE
Default location: %TEMP%\C80085\TEMP\6B0D8EF028A0776DA5DF91CBEFF8B3E1.EXE
Dropper hash (md5): 6b0d8ef028a0776da5df91cbeff8b3e1

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…


Adware.Win32.InstallCore.OT

Adware.Win32.InstallCore.OT is also known as W32/A-c374b561!Eldorado, PUA/InstallCore.Gen and BehavesLike.Win32.CryptInno.bc.

Malware Analysis of Adware.Win32.InstallCore.OT – ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE

Created files:
%TEMP%\ISH63468\IMAGES\SPONSORED.PNG
%TEMP%\ISH63468\LOCALE\PT.LOCALE
%TEMP%\ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
%TEMP%\IS1827796962\89663_STP.DAT
%TEMP%\IS1827796962\89663_STP.DAT.PART

Detected by UnHackMe: ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
Default location: %TEMP%\ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
Dropper hash (md5): 0ceb7c14bdb741a09934968ef3648e8f

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Win.Adware.Installcore-501

Win.Adware.Installcore-501 is also known as W32/A-c374b561!Eldorado, CryptInno and Trojan-Clicker/W32.InstallCore.726608.

Malware Analysis of Win.Adware.Installcore-501 – ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE

Created files:
%TEMP%\ISH63468\IMAGES\SPONSORED.PNG
%TEMP%\ISH63468\LOCALE\PT.LOCALE
%TEMP%\ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
%TEMP%\IS1827796962\89663_STP.DAT
%TEMP%\IS1827796962\89663_STP.DAT.PART

Detected by UnHackMe: ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
Default location: %TEMP%\ICREINSTALL_0CEB7C14BDB741A09934968EF3648E8F.EXE
Dropper hash (md5): 0ceb7c14bdb741a09934968ef3648e8f

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


AdWare/Generic.cgr

AdWare/Generic.cgr is also known as Gen:Variant.Razy.14008, Trojan.Win32.Crossrider1.dvlvex and MultiPlug.

Malware Analysis of AdWare/Generic.cgr – 3C863D9EB64691E1C92E16729D280D5D.EXE

Created files:
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\D9A528567ED6D0A4
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.DAT
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.EXE
%SYSDIR%\TASKS\SYNCEXIST
%WINDIR%\TASKS\SYNCEXIST.JOB

Detected by UnHackMe: 3C863D9EB64691E1C92E16729D280D5D.EXE
Default location: %COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.EXE
Dropper hash (md5): 3c863d9eb64691e1c92e16729d280d5d

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Win.Adware.Multiplug-59777

Win.Adware.Multiplug-59777 is also known as Gen:Variant.Razy.14008, Win32.Adware.Generic.bb and Adware.MultiPlugGen.Win32.51.

Malware Analysis of Win.Adware.Multiplug-59777 – 3C863D9EB64691E1C92E16729D280D5D.EXE

Created files:
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\D9A528567ED6D0A4
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.DAT
%COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.EXE
%SYSDIR%\TASKS\SYNCEXIST
%WINDIR%\TASKS\SYNCEXIST.JOB

Detected by UnHackMe: 3C863D9EB64691E1C92E16729D280D5D.EXE
Default location: %COMMON APPDATA%\{6A7C4BE2-D64E-A596-6A7C-C4BE2D642F8B}\3C863D9EB64691E1C92E16729D280D5D.EXE
Dropper hash (md5): 3c863d9eb64691e1c92e16729d280d5d

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


AdWare.Generic.ijv

AdWare.Generic.ijv is also known as GrayWare[AdWare]/Win32.MultiPlug.nx, not-a-virus:HEUR:AdWare.Win32.Generic and Gen:Variant.Razy.14008.

Malware Analysis of AdWare.Generic.ijv – 2B5478E4149FE3E8F4D3E7A02652275A.EXE

Created files:
%COMMON APPDATA%\{7F7F29D7-0E04-9A78-7F7F-F29D70E0A75C}\F7EFDA3BCBB245A
%COMMON APPDATA%\{7F7F29D7-0E04-9A78-7F7F-F29D70E0A75C}\2B5478E4149FE3E8F4D3E7A02652275A.DAT
%COMMON APPDATA%\{7F7F29D7-0E04-9A78-7F7F-F29D70E0A75C}\2B5478E4149FE3E8F4D3E7A02652275A.EXE
%SYSDIR%\TASKS\INFOBROWSER
%WINDIR%\TASKS\INFOBROWSER.JOB

Detected by UnHackMe: 2B5478E4149FE3E8F4D3E7A02652275A.EXE
Default location: %COMMON APPDATA%\{7F7F29D7-0E04-9A78-7F7F-F29D70E0A75C}\2B5478E4149FE3E8F4D3E7A02652275A.EXE
Dropper hash (md5): 2b5478e4149fe3e8f4d3e7a02652275a

UnHackMe removes malware that is invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Adware.Softcnapp.1644064[h]

Adware.Softcnapp.1644064[h] is also known as Adware.GenericKDCRTD.Win32.6052, Adware ( 004dd5ca1 ) and W32/Adware.PKMY-1478.

Malware Analysis of Adware.Softcnapp.1644064[h] – SCMINI.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


W32/Adware.LPZX-0671

W32/Adware.LPZX-0671 is also known as Adware ( 004ba7c21 ) and Generic.8ED.

Malware Analysis of W32/Adware.LPZX-0671 – CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE

Created files:
%SYSTEMDRIVE%\ADWCLEANER\ADWCLEANER[S0].TXT
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017032220170323\CONTAINER.DAT
%TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
%TEMP%\TMP75C9.TMP
%TEMP%\TMPF108.TMP

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\IQAHTM.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE” — “%1″”
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IQA.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI\DisplayName: “Adobe Flash Player 19 PPAPI”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER PPAPI\UNINSTALLSTRING: “%SYSDIR%\MACROMED\FLASH\FLASHUTIL32_19_0_0_226_PEPPER.EXE -MAINTAIN PEPPERPLUGIN”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADOBEFLASHPLAYERUPDATESVC\IMAGEPATH: “%SYSDIR%\MACROMED\FLASH\FLASHPLAYERUPDATESERVICE.EXE”
HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\DisplayName: “Adobe Flash…


Win32/Virus.Adware.604

Win32/Virus.Adware.604 is also known as Artemis and not-a-virus:HEUR:AdWare.Win32.Imali.gen.

Malware Analysis of Win32/Virus.Adware.604 – CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE

Created files:
%SYSTEMDRIVE%\ADWCLEANER\ADWCLEANER[S0].TXT
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017032220170323\CONTAINER.DAT
%TEMP%\F9626892-7A78-3199-ABD2-97BBCE96297B\CHROMIUM-INSTALLER-SHARP_DOTNET4.EXE
%TEMP%\TMP75C9.TMP
%TEMP%\TMPF108.TMP

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\IQAHTM.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE” — “%1″”
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IQA.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\IQA\APPLICATION\CHROME.EXE””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI\DisplayName: “Adobe Flash Player 19 PPAPI”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER PPAPI\UNINSTALLSTRING: “%SYSDIR%\MACROMED\FLASH\FLASHUTIL32_19_0_0_226_PEPPER.EXE -MAINTAIN PEPPERPLUGIN”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADOBEFLASHPLAYERUPDATESVC\IMAGEPATH: “%SYSDIR%\MACROMED\FLASH\FLASHPLAYERUPDATESERVICE.EXE”
HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\DisplayName: “Adobe Flash Player Update Service”…


Adware ( 004dd5ca1 )

Adware ( 004dd5ca1 ) is also known as Adware.Softcnapp.23 and Trojan.Win32.Generic!BT.

Malware Analysis of Adware ( 004dd5ca1 ) – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe…


Adware.GenericKDCRTD.Win32.6052

Adware.GenericKDCRTD.Win32.6052 is also known as generic.ml, Adware ( 004dd5ca1 ) and Trojan.Win32.Generic!BT.

Malware Analysis of Adware.GenericKDCRTD.Win32.6052 – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


Adware.Softcnapp.23

Adware.Softcnapp.23 is also known as W32.HfsAdware.2312 and Adware.GenericKD.4588278.

Malware Analysis of Adware.Softcnapp.23 – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…


AdWare.Generic.dhot

AdWare.Generic.dhot is also known as Adware.GenericKD.4148094, Application.OptInstall (A) and Program.Unwanted.1806.

Malware Analysis of AdWare.Generic.dhot – PERFORMANCEMONITOR.EXE

Created files:
%APPDATA%\SUPER PC CLEANER\LANGUAGES\TMPPARAM.JSON
%SYSDIR%\TASKS\SUPER PC CLEANER MONITOR
%Program Files%\SuperPCCleaner\PerformanceMonitor.exe
%Program Files%\SuperPCCleaner\SuperPCCleaner.exe
%Program Files%\SuperPCCleaner\Uninstaller.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\DisplayName: “Super PC Cleaner”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\UninstallString: “%Program Files%\SuperPCCleaner\Uninstaller.exe”

Detected by UnHackMe: PERFORMANCEMONITOR.EXE
Default location: %PROGRAM FILES%\SUPERPCCLEANER\PERFORMANCEMONITOR.EXE
Dropper hash (md5): 1bd41f9c484058e416b4aca43f763a84

UnHackMe removes malware that is invisible to…


Adware ( 004e10411 )

Adware ( 004e10411 ) is also known as Trojan.Win32.Crypted.dxxrkh and PUA.Softcnapp.

Malware Analysis of Adware ( 004e10411 ) – SETUP_ZNYKB050.EXE

Created files:
%APPDATA%\KP_25204.EXE
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE
%APPDATA%\?A?E?A.ICO

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Adware.Generic.D4602F6

Adware.Generic.D4602F6 is also known as Adware.GenericKD.4588278.

Malware Analysis of Adware.Generic.D4602F6 – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Adware.Softcnapp.701984.A[h]

Adware.Softcnapp.701984.A[h] is also known as PUP/Multitoolbar, Adware.GenericKD.4588278 and Generic PUA NI (PUA).

Malware Analysis of Adware.Softcnapp.701984.A[h] – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


ADWARE/Agent.zcpbk

ADWARE/Agent.zcpbk is also known as Riskware ( 0040eff71 ), Adware.Generic.D3F4B7E and not-a-virus:HEUR:AdWare.Win32.Generic.

Malware Analysis of ADWARE/Agent.zcpbk – PERFORMANCEMONITOR.EXE

Created files:
%APPDATA%\SUPER PC CLEANER\LANGUAGES\TMPPARAM.JSON
%SYSDIR%\TASKS\SUPER PC CLEANER MONITOR
%Program Files%\SuperPCCleaner\PerformanceMonitor.exe
%Program Files%\SuperPCCleaner\SuperPCCleaner.exe
%Program Files%\SuperPCCleaner\Uninstaller.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\DisplayName: “Super PC Cleaner”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\UninstallString: “%Program Files%\SuperPCCleaner\Uninstaller.exe”

Detected by UnHackMe: PERFORMANCEMONITOR.EXE
Default location: %PROGRAM FILES%\SUPERPCCLEANER\PERFORMANCEMONITOR.EXE
Dropper hash (md5): 1bd41f9c484058e416b4aca43f763a84

UnHackMe removes malware…


Win32.Adware.Generic.Ahye

Win32.Adware.Generic.Ahye is also known as Trj/CI.A, Adware.W32.Generic!c and Application.OptInstall (A).

Malware Analysis of Win32.Adware.Generic.Ahye – PERFORMANCEMONITOR.EXE

Created files:
%APPDATA%\SUPER PC CLEANER\LANGUAGES\TMPPARAM.JSON
%SYSDIR%\TASKS\SUPER PC CLEANER MONITOR
%Program Files%\SuperPCCleaner\PerformanceMonitor.exe
%Program Files%\SuperPCCleaner\SuperPCCleaner.exe
%Program Files%\SuperPCCleaner\Uninstaller.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\DisplayName: “Super PC Cleaner”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\UninstallString: “%Program Files%\SuperPCCleaner\Uninstaller.exe”

Detected by UnHackMe: PERFORMANCEMONITOR.EXE
Default location: %PROGRAM FILES%\SUPERPCCLEANER\PERFORMANCEMONITOR.EXE
Dropper hash (md5): 1bd41f9c484058e416b4aca43f763a84

UnHackMe removes malware that is invisible to…


W32/Adware.ZYLP-2826

W32/Adware.ZYLP-2826 is also known as trojandownloader.win32.tugspay.a and Trj/CI.A.

Malware Analysis of W32/Adware.ZYLP-2826 – PERFORMANCEMONITOR.EXE

Created files:
%APPDATA%\SUPER PC CLEANER\LANGUAGES\TMPPARAM.JSON
%SYSDIR%\TASKS\SUPER PC CLEANER MONITOR
%Program Files%\SuperPCCleaner\PerformanceMonitor.exe
%Program Files%\SuperPCCleaner\SuperPCCleaner.exe
%Program Files%\SuperPCCleaner\Uninstaller.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\DisplayName: “Super PC Cleaner”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperPCCleaner\UninstallString: “%Program Files%\SuperPCCleaner\Uninstaller.exe”

Detected by UnHackMe: PERFORMANCEMONITOR.EXE
Default location: %PROGRAM FILES%\SUPERPCCLEANER\PERFORMANCEMONITOR.EXE
Dropper hash (md5): 1bd41f9c484058e416b4aca43f763a84

UnHackMe removes malware that is invisible to your antivirus!…


W32.Adware.Gen

W32.Adware.Gen is also known as Adware.GenericKD.4588278, Trojan.Win32.Generic!BT and Adware ( 004dd5ca1 ).

Malware Analysis of W32.Adware.Gen – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…

