not-a-virus:Downloader.NSIS also known as ADW_DOWNWARE, PUP-FXQ, OutBrowse Revenyou (PUA). Malware Analysis of not-a-virus:Downloader.NSIS – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading →

Downloader.BVI also known as Win.Adware.OutBrowse-1, Riskware.Win32.OutBrowse.dtmevz, OutBrowse Revenyou (PUA). Malware Analysis of Downloader.BVI – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading →

W32.Downloader.Gen also known as Uds.Dangerousobject.Multi!c, malicious (high confidence). Malware Analysis of W32.Downloader.Gen – WINDASDALOGON.EXE Created files: %SYSTEMDRIVE%\WINDASDALOGON.EXE Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JKLMNO QRSTUVWX ABC\IMAGEPATH: “%SYSTEMDRIVE%\WINDASDALOGON.EXE -K DKIGIQ” HKLM\System\CurrentControlSet\services\Jklmno Qrstuvwx Abc\DisplayName: “Jklmno Qrstuvwx Abcdefgh Jklm” Detected by UnHackMe: WINDASDALOGON.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\WINDASDALOGON.EXE Dropper hash(md5): 440bce4bb7fbea8f630223c09cf6c986 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Continue reading →

Downloader.AgentCRTD.Win32.5253 also known as Adware.ChinAd, Trojan.IGENERIC, Adware.Generic.D4603C3. Malware Analysis of Downloader.AgentCRTD.Win32.5253 – LANY_Y_907453_FEITIAN.EXE Created files: %TEMP%\NSP245D.TMP\KINST_168_206.EXE %TEMP%\NSP245D.TMP\KUWO_JM634.EXE %TEMP%\NSP245D.TMP\LANY_Y_907453_FEITIAN.EXE %TEMP%\NSP245D.TMP\QBDOWNLOAD_10024040.EXE %TEMP%\NSP245D.TMP\RAV3490022.EXE Autostart registry keys: HKLM\SOFTWARE\CLASSES\BAIDUCLIENT.DEFAULT\.EXE\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\BAIDU\ILJ\3.1.200.2978\BAIDU.EXE” %*” HKLM\SOFTWARE\CLASSES\BAIDUCLIENTBROWSERHTML\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\BAIDU\ILJ\3.1.200.2978\BAIDU.EXE” — “%1″ –MAIN-FRAME 3” HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\BAIDU.EXE\SHELL\OPEN\COMMAND\: “%LOCAL APPDATA%\BAIDU\ILJ\3.1.200.2978\BAIDU.EXE –MAIN-FRAME 1” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BAIDUSERVICE.EXE\IMAGEPATH: “%LOCAL APPDATA%\BAIDU\ILJ\3.1.200.2978\BAIDUSERVICE.EXE” HKLM\System\CurrentControlSet\services\BaiduService.exe\DisplayName: “BaiduService.exe” HKLM\System\CurrentControlSet\services\bbnetdriver\ImagePath: “\SystemRoot\system32\drivers\bbnetdriver.sys” HKLM\System\CurrentControlSet\services\bbnetdriver\DisplayName: “bbnetdriver” HKLM\System\CurrentControlSet\services\bbnetservice\ImagePath: “%SystemRoot%\system32\svchost.exe -k bbnetservice” HKLM\System\CurrentControlSet\services\bbnetservice\DisplayName: “bbnetservice” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BAIDUCLIENT:…

Continue reading →

Downloader.Agent.Win32.149004 also known as TrojanDownloader.Agent.bqgr, Artemis!A8BD9C0264CC, Trojan/W32.Agent.274432.CC. Malware Analysis of Downloader.Agent.Win32.149004 – THEAPPRENTICELOSANGELES.EXE Created files: %Program Files%\The Apprentice Los Angeles\ReflexiveArcade\unins000.dat %Program Files%\The Apprentice Los Angeles\ReflexiveArcade\unins000.exe %Program Files%\The Apprentice Los Angeles\TheApprenticeLosAngeles.exe %Program Files%\The Apprentice Los Angeles\TheApprenticeLosAngeles.RWG %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\THE APPRENTICE LOS ANGELES\OTHER GAMES.LNK Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Apprentice Los Angeles_is1\DisplayName: “The Apprentice Los Angeles” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Apprentice…

Continue reading →

Downloader.Agent.Win32.302110 also known as BehavesLike.Win32.CryptInno.bc, Malware-Cryptor.InstallCore.gen, Adware.InstallCore!1.A30C (classic) . Malware Analysis of Downloader.Agent.Win32.302110 – 272868F07448C49FB6E00F0AC0803DF0.EXE Created files: %TEMP%\272868F07448C49FB6E00F0AC0803DF0.EXE %TEMP%\BFC9062F1A31A28DE4E10F1DF8AA9738 Detected by UnHackMe: 272868F07448C49FB6E00F0AC0803DF0.EXE DEFAULT LOCATION: %TEMP%\272868F07448C49FB6E00F0AC0803DF0.EXE Dropper hash(md5): dfb533dbef776271ef5bdc1f90246b62 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Application.Downloader (A) also known as Generic.Downloader.A8, Downloader.Agent.Win32.302110, PUP.Optional.InstallCore. Malware Analysis of Application.Downloader (A) – 272868F07448C49FB6E00F0AC0803DF0.EXE Created files: %TEMP%\272868F07448C49FB6E00F0AC0803DF0.EXE %TEMP%\BFC9062F1A31A28DE4E10F1DF8AA9738 Detected by UnHackMe: 272868F07448C49FB6E00F0AC0803DF0.EXE DEFAULT LOCATION: %TEMP%\272868F07448C49FB6E00F0AC0803DF0.EXE Dropper hash(md5): dfb533dbef776271ef5bdc1f90246b62 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.CZS also known as Trojan.Gen.2, Win32/OutBrowse.BQ potentially unwanted, PUP.Optional.OutBrowse. Malware Analysis of Downloader.CZS – AAL.DLL Created files: %TEMP%\WER5B13.TMP.MDMP %TEMP%\BCDACABECBDH.EXE %TEMP%\NSRDBDA.TMP\AAL.DLL %TEMP%\NSRDBDA.TMP\NSISUNZ.DLL %TEMP%\WER21FA.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: AAL.DLL DEFAULT LOCATION: %TEMP%\NSRDBDA.TMP\AAL.DLL Dropper hash(md5): d48c4c533c2e4d49f5a034cdfc255b5d Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading →

Downloader.Genome!8.142-mlzvgUJJbbH (cloud) also known as TROJ_GEN.R02SH07LQ16, Trojan.Gen.8, Trojan.Win32.Generic!BT. Malware Analysis of Downloader.Genome!8.142-mlzvgUJJbbH (cloud) – IQINSTALLER.EXE Created files: %Program Files%\IMSIQ3\IQInstaller.exe %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\_IQDIAG2 %TEMP%\_IQDIAG3 Detected by UnHackMe: IQINSTALLER.EXE Default location: %PROGRAM FILES%\IMSIQ3\IQINSTALLER.EXE Dropper hash(md5): 0195107f968615f53fd389fafc67febd Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading →

Downloader.Genome.Win32.65479 also known as Trojan.Win32.Generic!BT, Win32:Malware-gen. Malware Analysis of Downloader.Genome.Win32.65479 – IQINSTALLER.EXE Created files: %Program Files%\IMSIQ3\IQInstaller.exe %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\_IQDIAG2 %TEMP%\_IQDIAG3 Detected by UnHackMe: IQINSTALLER.EXE Default location: %PROGRAM FILES%\IMSIQ3\IQINSTALLER.EXE Dropper hash(md5): 0195107f968615f53fd389fafc67febd Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading →

Downloader.MSIL.BUVT also known as Trojan.DL.Agent!3m84EDHiDQY, TR/Dldr.Agent.undrk, Trojan.Win32.Generic!BT. Malware Analysis of Downloader.MSIL.BUVT – SSBDN.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %LOCAL APPDATA%\ECXHMDMTPQ\MSTRUST.EXE %APPDATA%\SSBDN.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SSBDN: “%APPDATA%\SSBDN.EXE” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\TLWTJHHKUM: “%LOCAL APPDATA%\ECXHMD~1\MSTRUST.EXE” Detected by UnHackMe: SSBDN.EXE DEFAULT LOCATION: %APPDATA%\SSBDN.EXE Dropper hash(md5): 9300bdc4712b6a7e85a0b9b710fc1f13 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading →

Downloader.CZR also known as a variant of Win32/OutBrowse.BQ potentially unwanted, Riskware/OutBrowse, PUA.OutBrowse!. Malware Analysis of Downloader.CZR – ZZP.DLL Created files: %TEMP%\BCCICABECBCAG.EXE %TEMP%\NSDD2C2.TMP\NSISUNZ.DLL %TEMP%\NSDD2C2.TMP\ZZP.DLL %TEMP%\WER32CA.TMP.APPCOMPAT.TXT %TEMP%\WER4634.TMP.MDMP Detected by UnHackMe: ZZP.DLL DEFAULT LOCATION: %TEMP%\NSDD2C2.TMP\ZZP.DLL Dropper hash(md5): 5fd7d62eb9c2a8e6965b243de4be565e Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading →

Downloader.Agent!8.B23-w9atVVzxcGO (cloud) also known as Trojan.Win32.Z.Agent.627200.Y[h], Trojan.Inject2.40023, Trojan.Generic.D3E5920. Malware Analysis of Downloader.Agent!8.B23-w9atVVzxcGO (cloud) – SSBDN.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %LOCAL APPDATA%\ECXHMDMTPQ\MSTRUST.EXE %APPDATA%\SSBDN.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SSBDN: “%APPDATA%\SSBDN.EXE” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\TLWTJHHKUM: “%LOCAL APPDATA%\ECXHMD~1\MSTRUST.EXE” Detected by UnHackMe: SSBDN.EXE DEFAULT LOCATION: %APPDATA%\SSBDN.EXE Dropper hash(md5): 9300bdc4712b6a7e85a0b9b710fc1f13 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

Continue reading →

Downloader.Solimba.o also known as Signed-Downware.Morstar.AppsInstallerSL, W32.HfsAdware.A362. Malware Analysis of Downloader.Solimba.o – 51938065-E47C-4B97-BFDA-2A105BC06F2F.EXE Created files: %TEMP%\NSND17B.TMP\51938065-E47C-4B97-BFDA-2A105BC06F2F.EXE Detected by UnHackMe: 51938065-E47C-4B97-BFDA-2A105BC06F2F.EXE DEFAULT LOCATION: %TEMP%\NSND17B.TMP\51938065-E47C-4B97-BFDA-2A105BC06F2F.EXE Dropper hash(md5): fd76a6713d7b7b1898462742c87f1c7f Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading →

Downloader.FVE also known as Adware ( 004b8ce81 ), Trojan.Win32.OutBrowse.dqxkmd, Trojan.Win32.Generic!BT. Malware Analysis of Downloader.FVE – JZYMZ.DLL Created files: %TEMP%\ECCCABFBDFBBI.EXE %TEMP%\ECCCABFBDFBBI.ZIP %TEMP%\NSRE9C4.TMP\JZYMZ.DLL %TEMP%\NSRE9C4.TMP\NSISUNZ.DLL %TEMP%\WER964.TMP.MDMP Detected by UnHackMe: JZYMZ.DLL DEFAULT LOCATION: %TEMP%\NSRE9C4.TMP\JZYMZ.DLL Dropper hash(md5): ff9d29018ba5cabf0551b771f79aad1e Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading →

Downloader.AgentCRTD.Win32.5813 also known as Riskware/Agent, Win32/Virus.Downloader.4be, PUP/Win32.Spigot.C1629528. Malware Analysis of Downloader.AgentCRTD.Win32.5813 – PROGRAMMANAGER.EXE Created files: %WINDIR%\TEMP\VUZETOOLBAR.EXE %SYSTEMDRIVE%\CONFIG.MSI\3B2EF.RBF %Program Files Common%\ProgramManager\ProgramManager.exe %Program Files Common%\Spigot\Preferences Manager\config.ini %Program Files Common%\Spigot\Preferences Manager\Lang\res1031.ini Autostart registry keys: HKLM\Software\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32\: “%Program Files%\Vuze Remote Toolbar\IE\26.7\vuzeToolbarIE.dll” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\DisplayName: “Vuze Remote Toolbar v26.7” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings: “”%Program Files Common%\Spigot\Preferences Manager\PreferencesManager.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\DisplayName:…

Continue reading →

Win32/Virus.Downloader.4be also known as Generic.D63, PUP/Multitoolbar, Downloader.AgentCRTD.Win32.5813. Malware Analysis of Win32/Virus.Downloader.4be – PROGRAMMANAGER.EXE Created files: %WINDIR%\TEMP\VUZETOOLBAR.EXE %SYSTEMDRIVE%\CONFIG.MSI\3B2EF.RBF %Program Files Common%\ProgramManager\ProgramManager.exe %Program Files Common%\Spigot\Preferences Manager\config.ini %Program Files Common%\Spigot\Preferences Manager\Lang\res1031.ini Autostart registry keys: HKLM\Software\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32\: “%Program Files%\Vuze Remote Toolbar\IE\26.7\vuzeToolbarIE.dll” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\DisplayName: “Vuze Remote Toolbar v26.7” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings: “”%Program Files Common%\Spigot\Preferences Manager\PreferencesManager.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\DisplayName:…

Continue reading →

Downloader.Wajam.aei also known as Gen:Variant.Midie.34548, malicious_confidence_100% (D), Adware-Wajam. Malware Analysis of Downloader.Wajam.aei – SEUDWDBK.DLL Created files: %Program Files%\ead994d441755105547fa39c89024cfd\58b5529c7d303214662127caf2f07fcf.exe %Program Files%\ead994d441755105547fa39c89024cfd\7a563f31b0713ec816c2b11d40b1ebeb %Program Files%\ead994d441755105547fa39c89024cfd\afd6bbf78291c98d24db7481bec9726f\seudwdbk.dll %Program Files%\ead994d441755105547fa39c89024cfd\dc12bff029c9911e663de42d3c59ab56.exe %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIEN\SETTINGS.LNK Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ead994d441755105547fa39c89024cfd\DisplayName: “Wajam” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\EAD994D441755105547FA39C89024CFD\UNINSTALLSTRING: “%WINDIR%\58B5529C7D303214662127CAF2F07FCF.EXE” HKLM\System\CurrentControlSet\services\37ab3ddf332091fdca1a0350e0e82c6e\ImagePath: “”%Program Files%\ead994d441755105547fa39c89024cfd\115634103eb284b7e79db6a97b6c185a.exe”” HKLM\System\CurrentControlSet\services\37ab3ddf332091fdca1a0350e0e82c6e\DisplayName: “37ab3ddf332091fdca1a0350e0e82c6e” Detected by UnHackMe: SEUDWDBK.DLL Default location: %PROGRAM FILES%\EAD994D441755105547FA39C89024CFD\AFD6BBF78291C98D24DB7481BEC9726F\SEUDWDBK.DLL Dropper hash(md5): d36c8732382a537d452e38d1277c037d Share This: UnHackMe removes malware…

Continue reading →

RiskWare[Downloader]/Win32.Wajam also known as virus.win32.sality.at, BehavesLike.Win32.Downloader.th, W32/S-8471b9ed!Eldorado. Malware Analysis of RiskWare[Downloader]/Win32.Wajam – SEUDWDBK.DLL Created files: %Program Files%\ead994d441755105547fa39c89024cfd\58b5529c7d303214662127caf2f07fcf.exe %Program Files%\ead994d441755105547fa39c89024cfd\7a563f31b0713ec816c2b11d40b1ebeb %Program Files%\ead994d441755105547fa39c89024cfd\afd6bbf78291c98d24db7481bec9726f\seudwdbk.dll %Program Files%\ead994d441755105547fa39c89024cfd\dc12bff029c9911e663de42d3c59ab56.exe %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIEN\SETTINGS.LNK Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ead994d441755105547fa39c89024cfd\DisplayName: “Wajam” HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\EAD994D441755105547FA39C89024CFD\UNINSTALLSTRING: “%WINDIR%\58B5529C7D303214662127CAF2F07FCF.EXE” HKLM\System\CurrentControlSet\services\37ab3ddf332091fdca1a0350e0e82c6e\ImagePath: “”%Program Files%\ead994d441755105547fa39c89024cfd\115634103eb284b7e79db6a97b6c185a.exe”” HKLM\System\CurrentControlSet\services\37ab3ddf332091fdca1a0350e0e82c6e\DisplayName: “37ab3ddf332091fdca1a0350e0e82c6e” Detected by UnHackMe: SEUDWDBK.DLL Default location: %PROGRAM FILES%\EAD994D441755105547FA39C89024CFD\AFD6BBF78291C98D24DB7481BEC9726F\SEUDWDBK.DLL Dropper hash(md5): d36c8732382a537d452e38d1277c037d Share This: UnHackMe removes malware invisible…

Continue reading →

not-a-virus:HEUR:Downloader.Win32.Agent.gen also known as virtool.win32.hlubea.a, Win32/Virus.Downloader.4be, Adware.Spigot.103. Malware Analysis of not-a-virus:HEUR:Downloader.Win32.Agent.gen – PROGRAMMANAGER.EXE Created files: %WINDIR%\TEMP\VUZETOOLBAR.EXE %SYSTEMDRIVE%\CONFIG.MSI\3B2EF.RBF %Program Files Common%\ProgramManager\ProgramManager.exe %Program Files Common%\Spigot\Preferences Manager\config.ini %Program Files Common%\Spigot\Preferences Manager\Lang\res1031.ini Autostart registry keys: HKLM\Software\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32\: “%Program Files%\Vuze Remote Toolbar\IE\26.7\vuzeToolbarIE.dll” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\DisplayName: “Vuze Remote Toolbar v26.7” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings: “”%Program Files Common%\Spigot\Preferences Manager\PreferencesManager.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\DisplayName:…

Continue reading →

Downloader.Agent.asn also known as Riskware ( 0040eff71 ), TR/Dldr.Agent.mqfvs, Trojan-Downloader.Agent. Malware Analysis of Downloader.Agent.asn – PROGRAMMANAGER.EXE Created files: %WINDIR%\TEMP\VUZETOOLBAR.EXE %SYSTEMDRIVE%\CONFIG.MSI\3B2EF.RBF %Program Files Common%\ProgramManager\ProgramManager.exe %Program Files Common%\Spigot\Preferences Manager\config.ini %Program Files Common%\Spigot\Preferences Manager\Lang\res1031.ini Autostart registry keys: HKLM\Software\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32\: “%Program Files%\Vuze Remote Toolbar\IE\26.7\vuzeToolbarIE.dll” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\UninstallString: “MsiExec.exe /X{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}” HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09A904EFFACCFA94082A67CA9C6E8FFC\InstallProperties\DisplayName: “Vuze Remote Toolbar v26.7” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings: “”%Program Files Common%\Spigot\Preferences Manager\PreferencesManager.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE409A90-CCAF-49AF-80A2-76ACC9E6F8CF}\UninstallString:…

Continue reading →

Downloader.CPA also known as Trojan ( 004b1bd81 ), PUA.Win32.OutBrowse.BBK, Trojan ( 050000001 ). Malware Analysis of Downloader.CPA – HHF.DLL Created files: %TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON %TEMP%\BCICABECFCDA.EXE %TEMP%\NSFD756.TMP\HHF.DLL %TEMP%\NSFD756.TMP\NSISUNZ.DLL %TEMP%\WER2E03.TMP.APPCOMPAT.TXT Detected by UnHackMe: HHF.DLL DEFAULT LOCATION: %TEMP%\NSFD756.TMP\HHF.DLL Dropper hash(md5): e650fbfbf2921e6bea123c815aa32c08 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Continue reading →

Downloader.MSIL.BSQO also known as Trojan.Win32.Pabin.dx, Trojan.GenericKD.3778171. Malware Analysis of Downloader.MSIL.BSQO – ANF.EXE Created files: %TEMP%\ANF.EXE %TEMP%\D40YB2I1EO6FIUTLEKHSXE1KP7Y508JHPH6OLDLC3MF1B5K0KL9AAMJYTEFES0I0YMLAAEAAYY2M5AI2HLKYAJGDUO.TXT %STARTUP%\BD547A459185CFC55DEF03058A2D610F.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BD547A459185CFC55DEF03058A2D610F: “”%TEMP%\ANF.EXE” ..” Detected by UnHackMe: ANF.EXE DEFAULT LOCATION: %TEMP%\ANF.EXE Dropper hash(md5): ec358ad9ad655e8ef5f3d47463327a72 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading →

Downloader.Solimba.f also known as W32.HfsAdware.A362, DownloadMR (fs), Trj/OCJ.E. Malware Analysis of Downloader.Solimba.f – 50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE Created files: %TEMP%\NSEFD1D.TMP %TEMP%\NSUFD2E.TMP\50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE %TEMP%\NSUFD2E.TMP\INSTALL.EXE %TEMP%\NSUFD2E.TMP\NSEXEC.DLL %TEMP%\NSUFD2E.TMP\NSFDCB.TMP Detected by UnHackMe: 50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE DEFAULT LOCATION: %TEMP%\NSUFD2E.TMP\50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE Dropper hash(md5): 156b7bc86e72c6c5b1d702098e4940a9 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Downloader.SolimbaCRTD.Win32.444 also known as Trj/OCJ.E, a variant of MSIL/Solimba.I potentially unwanted, DownloadMR (fs). Malware Analysis of Downloader.SolimbaCRTD.Win32.444 – 50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE Created files: %TEMP%\NSEFD1D.TMP %TEMP%\NSUFD2E.TMP\50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE %TEMP%\NSUFD2E.TMP\INSTALL.EXE %TEMP%\NSUFD2E.TMP\NSEXEC.DLL %TEMP%\NSUFD2E.TMP\NSFDCB.TMP Detected by UnHackMe: 50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE DEFAULT LOCATION: %TEMP%\NSUFD2E.TMP\50D1D9D5-CF90-407C-820A-35E05BC06F2F.EXE Dropper hash(md5): 156b7bc86e72c6c5b1d702098e4940a9 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Continue reading →

Downloader.AFAG also known as Unwanted-Program ( 004d2a1c1 ), PUA/Outbrowse.Gen. Malware Analysis of Downloader.AFAG – BEFCBCIFDD.EXE Created files: %TEMP%\BEFCBCIFDD.EXE %TEMP%\WER2D99.TMP.WERINTERNALMETADATA.XML %TEMP%\WER57CD.TMP.APPCOMPAT.TXT %TEMP%\WERBA50.TMP.MDMP Detected by UnHackMe: BEFCBCIFDD.EXE DEFAULT LOCATION: %TEMP%\BEFCBCIFDD.EXE Dropper hash(md5): 89d4a99978be25ae8d6a84b59cdee85d Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Downloader.Adload.Win32.213 also known as PUA.Downloader, PE:Trojan.Outbrowse!1.A1E2 [F], BehavesLike.Win32.Downloader.ch. Malware Analysis of Downloader.Adload.Win32.213 – AJAWVPY.DLL Created files: %TEMP%\BEEHEGCJBJ.JBJCG %TEMP%\JBJCG.ZIP %TEMP%\NSIE0CB.TMP\AJAWVPY.DLL %TEMP%\NSIE0CB.TMP\ZIPDLL.DLL %TEMP%\WER6373.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: AJAWVPY.DLL DEFAULT LOCATION: %TEMP%\NSIE0CB.TMP\AJAWVPY.DLL Dropper hash(md5): e7d8a74eb25a7eb1c3b54beb2ef14842 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Downloader.UMX also known as W32/Adware.ODQK-0527, PUP/Win32.OutBrowse, Riskware/OutBrowse. Malware Analysis of Downloader.UMX – AJAWVPY.DLL Created files: %TEMP%\BEEHEGCJBJ.JBJCG %TEMP%\JBJCG.ZIP %TEMP%\NSIE0CB.TMP\AJAWVPY.DLL %TEMP%\NSIE0CB.TMP\ZIPDLL.DLL %TEMP%\WER6373.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: AJAWVPY.DLL DEFAULT LOCATION: %TEMP%\NSIE0CB.TMP\AJAWVPY.DLL Dropper hash(md5): e7d8a74eb25a7eb1c3b54beb2ef14842 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading →

RiskWare[Downloader]/Win32.Agent also known as Win32.Adware.Generic.bb, Generic6.BDKY, BehavesLike.Win32.MultiPlug.dh. Malware Analysis of RiskWare[Downloader]/Win32.Agent – VIRUSSHARE_5ADED3D43E91E260EEB6F155453589F8.EXE Created files: %WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB %COMMON APPDATA%\{266E55FA-C12C-D4A2-266E-E55FAC1257EB}\VIRUSSHARE_5ADED3D43E91E260EEB6F155453589F8.DAT %COMMON APPDATA%\{266E55FA-C12C-D4A2-266E-E55FAC1257EB}\VIRUSSHARE_5ADED3D43E91E260EEB6F155453589F8.EXE %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP Detected by UnHackMe: VIRUSSHARE_5ADED3D43E91E260EEB6F155453589F8.EXE DEFAULT LOCATION: %COMMON APPDATA%\{266E55FA-C12C-D4A2-266E-E55FAC1257EB}\VIRUSSHARE_5ADED3D43E91E260EEB6F155453589F8.EXE Dropper hash(md5): 5aded3d43e91e260eeb6f155453589f8 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading →

Downloader.GDY also known as Artemis!0EDDB8A05F77, Riskware/OutBrowse, PUA.OutBrowse!. Malware Analysis of Downloader.GDY – FVRDE.DLL Created files: %TEMP%\1430881315.EXE %TEMP%\1430881315.FGCABFBBFBFH %TEMP%\FGCABFBBFBFH.ZIP %TEMP%\NSB1B44.TMP\FVRDE.DLL %TEMP%\NSB1B44.TMP\NSISUNZ.DLL Detected by UnHackMe: FVRDE.DLL DEFAULT LOCATION: %TEMP%\NSB1B44.TMP\FVRDE.DLL Dropper hash(md5): d5947092990e293a2b19f641ef5f4a85 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading →