Category Archives: Spyware

Spyware ( 0000b1001 )

Spyware ( 0000b1001 ) also known as TROJ_LYDRA.SMA, TrojanSpy.Lydra.kp.

Malware Analysis of Spyware ( 0000b1001 ) – WSERVICES.EXE

Created files:
  %WinDir%\msrpc.exe
  %WinDir%\regedit2.exe
  %WinDir%\wservices.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\msrpc: "c:\windows\msrpc.exe"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wservices: "c:\windows\wservices.exe"
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\wservices: "c:\windows\wservices.exe"
  HKLM\System\CurrentControlSet\Services\wservices\DisplayName: "Windows Font Cache"
  HKLM\System\CurrentControlSet\Services\wservices\ImagePath: "c:\windows\wservices.exe"
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wservices: "c:\windows\wservices.exe"
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsassv: "c:\windows\lsassv.exe"

Detected by UnHackMe: WSERVICES.EXE
Default location: %WinDir%\WSERVICES.EXE
Dropper hash(md5): c6b9e79b53195ade08d8ac7599797790

UnHackMe removes malware…


BehavesLike.Win32.SpywareLyndra.ch

BehavesLike.Win32.SpywareLyndra.ch also known as Trojan-Spy.Win32.Lydra.aamt, TR/Lydra.A.

Malware Analysis of BehavesLike.Win32.SpywareLyndra.ch – WSERVICES.EXE

Created files:
  %WinDir%\msrpc.exe
  %WinDir%\regedit2.exe
  %WinDir%\wservices.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\msrpc: "c:\windows\msrpc.exe"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wservices: "c:\windows\wservices.exe"
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\wservices: "c:\windows\wservices.exe"
  HKLM\System\CurrentControlSet\Services\wservices\DisplayName: "Windows Font Cache"
  HKLM\System\CurrentControlSet\Services\wservices\ImagePath: "c:\windows\wservices.exe"
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wservices: "c:\windows\wservices.exe"
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsassv: "c:\windows\lsassv.exe"

Detected by UnHackMe: WSERVICES.EXE
Default location: %WinDir%\WSERVICES.EXE
Dropper hash(md5): c6b9e79b53195ade08d8ac7599797790

UnHackMe removes malware invisible for your antivirus! UnHackMe is…


Spyware.Zbot.USBV

Spyware.Zbot.USBV also known as Trojan.Win32.Generic!BT, Gen:Heur.ManBat.1, Trojan/W32.Agent.141566.

Malware Analysis of Spyware.Zbot.USBV – SAMIA.EXE

Created files:
  %Appdata%\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500\88603cb2913a7df3fbd16b5f958e6447_e17ef422-72d0-4843-9f36-93d1c74df894
  C:\Documents and Settings\LOULOUCINE\Desktop\New Folder\h.jpg
  C:\Documents and Settings\LOULOUCINE\Desktop\New Folder\samia.exe
  %Program Files%\Bifrost\server.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath: "%Program Files%\Bifrost\server.exe s"

Detected by UnHackMe: SAMIA.EXE
Default location: C:\DOCUMENTS AND SETTINGS\LOULOUCINE\DESKTOP\NEW FOLDER\SAMIA.EXE
Dropper hash(md5): c5e6f4ff99ac50e3bfe3b33c41875af6

UnHackMe removes malware invisible for your antivirus!…


Spyware ( 0048c72d1 )

Spyware ( 0048c72d1 ) also known as TrojWare.Win32.Small.NAF, a variant of Win32/Spy.CardSpy.NAF, Trojan.Win32.Generic!BT.

Malware Analysis of Spyware ( 0048c72d1 ) – VUVEQ.EXE

Created files:
  %Temp%\golfinfo.ini
  %Temp%\vuveq.exe
  %SysDir%\loher.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: "%SysDir%\loher.exe"

Detected by UnHackMe: VUVEQ.EXE
Default location: %TEMP%\VUVEQ.EXE
Dropper hash(md5): c5e99b42b6e1e7ac90b833f5249f9690

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…


W32/Spyware.AWM

W32/Spyware.AWM also known as not-a-virus:Monitor.Win32.Ardamax.x, W32/Ardamax.KN!tr, Trojan.Win32.Generic.1257F184.

Malware Analysis of W32/Spyware.AWM – OKBY.EXE

Created files:
  %SysDir%\28463\OKBY.006
  %SysDir%\28463\OKBY.007
  %SysDir%\28463\OKBY.exe
  %SysDir%\internetexplorer.exe
  C:\exec1.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SlideShow32: "c:\windows\system32\internetexplorer.exe"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OKBY Agent: "%SysDir%\28463\OKBY.exe"

Detected by UnHackMe: OKBY.EXE
Default location: %SYSDIR%\28463\OKBY.EXE
Dropper hash(md5): c0e76a9fb3b4051f5f495bb2aba935f0

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…


Spyware/Win32.Delf

Spyware/Win32.Delf also known as Dropped:Generic.Keylogger.1939C1D5, BehavesLike.Win32.Malware.wsc (mx-v).

Malware Analysis of Spyware/Win32.Delf – C5C946631B976AA8DA287548BF8BA140.EXE

Created files:
  %WinDir%\c5c946631b976aa8da287548bf8ba140.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Anonymous: "C:\Windows\c5c946631b976aa8da287548bf8ba140.exe"

Detected by UnHackMe: C5C946631B976AA8DA287548BF8BA140.EXE
Default location: %WinDir%\C5C946631B976AA8DA287548BF8BA140.EXE
Dropper hash(md5): c5c946631b976aa8da287548bf8ba140

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…


Spyware ( 0000eb491 )

Spyware ( 0000eb491 ) also known as HEUR:Trojan.Win32.Generic, Trj/CI.A, Trojan.Win32.KeyLogger.NDW.

Malware Analysis of Spyware ( 0000eb491 ) – C5C946631B976AA8DA287548BF8BA140.EXE

Created files:
  %WinDir%\c5c946631b976aa8da287548bf8ba140.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Anonymous: "C:\Windows\c5c946631b976aa8da287548bf8ba140.exe"

Detected by UnHackMe: C5C946631B976AA8DA287548BF8BA140.EXE
Default location: %WinDir%\C5C946631B976AA8DA287548BF8BA140.EXE
Dropper hash(md5): c5c946631b976aa8da287548bf8ba140

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Spyware.Ardamax.GP

Spyware.Ardamax.GP also known as Win32:Ardamax-KB [Spy], Keylogger.Ardamax.

Malware Analysis of Spyware.Ardamax.GP – BOYL.EXE

Created files:
  %Temp%\@3.tmp
  %SysDir%\28463\BOYL.001
  %SysDir%\28463\BOYL.006
  %SysDir%\28463\BOYL.007
  %SysDir%\28463\BOYL.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BOYL Agent: "%SysDir%\28463\BOYL.exe"

Detected by UnHackMe: BOYL.EXE
Default location: %SYSDIR%\28463\BOYL.EXE
Dropper hash(md5): 6b189408b36bec7165f7eeff9565b412

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…


Spyware ( 004ce5411 )

Spyware ( 004ce5411 ) also known as Trojan-Spy.Agent, Trojan.Win32.FakeAV.jok (v).

Malware Analysis of Spyware ( 004ce5411 ) – ZUDAH.EXE

Created files:
  %Temp%\golfinfo.ini
  %Temp%\zudah.exe
  %SysDir%\siupo.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: "%SysDir%\siupo.exe"

Detected by UnHackMe: ZUDAH.EXE
Default location: %TEMP%\ZUDAH.EXE
Dropper hash(md5): ce3cb5d6f2b23b555366d05cf3d22168

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…


Spyware.Ardamax.GP (B)

Spyware.Ardamax.GP (B) also known as Generic.Win32.97d8ad45f4!CMCRadar, PE:Malware.Generic/QRS!1.9E2D [F], Spyware.Ardamax.GP.

Malware Analysis of Spyware.Ardamax.GP (B) – BOYL.EXE

Created files:
  %Temp%\@3.tmp
  %SysDir%\28463\BOYL.001
  %SysDir%\28463\BOYL.006
  %SysDir%\28463\BOYL.007
  %SysDir%\28463\BOYL.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BOYL Agent: "%SysDir%\28463\BOYL.exe"

Detected by UnHackMe: BOYL.EXE
Default location: %SYSDIR%\28463\BOYL.EXE
Dropper hash(md5): 6b189408b36bec7165f7eeff9565b412

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…


RogueAntiSpyware.SecurityToolFraud!rem

RogueAntiSpyware.SecurityToolFraud!rem also known as W32/Trojan2.LBYX, Trojan.Win32.FakeAV.aow, Trojan.

Malware Analysis of RogueAntiSpyware.SecurityToolFraud!rem – 42511215.EXE

Created files:
  %Common Appdata%\42511215\42511215.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\42511215: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\42511215\42511215.exe"

Detected by UnHackMe: 42511215.EXE
Default location: %COMMON APPDATA%\42511215\42511215.EXE
Dropper hash(md5): c0bbb1b5b10a811611eb25c86fb15b48

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


Spyware.PasswordStealer.XGen

Spyware.PasswordStealer.XGen also known as Win32/Spy.Shiz.NCD, Gen:Variant.Kazy.40809 (B), W32/SuspPack.DZ.gen!Eldorado.

Malware Analysis of Spyware.PasswordStealer.XGen – QVEDRPX.EXE

Created files:
  %Temp%\2.tmp
  %WinDir%\AppPatch\qvedrpx.exe

Detected by UnHackMe: QVEDRPX.EXE
Default location: %WinDir%\APPPATCH\QVEDRPX.EXE
Dropper hash(md5): 6abd888151baa7c9980856ecce268986

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


PE:Spyware.Dialer!1.6615 [F]

PE:Spyware.Dialer!1.6615 [F] also known as Trojan.Generic.5947725, Trojan.Win32.Dialer!O, Dialer.CarpeDiem.

Malware Analysis of PE:Spyware.Dialer!1.6615 [F] – 6A85856719D862CFF971C8B550998FDC.EXE

Created files:
  %Program Files%\Montorgueil\14.05088
  %Program Files%\Montorgueil\6a85856719d862cff971c8b550998fdc\6a85856719d862cff971c8b550998fdc.exe
  %Program Files%\Montorgueil\6a85856719d862cff971c8b550998fdc\6a85856719d862cff971c8b550998fdc.ico
  %WinDir%\Temp\MT\6a85856719d862cff971c8b550998fdc.exe

Detected by UnHackMe: 6A85856719D862CFF971C8B550998FDC.EXE
Default location: %PROGRAM FILES%\MONTORGUEIL\6A85856719D862CFF971C8B550998FDC\6A85856719D862CFF971C8B550998FDC.EXE
Dropper hash(md5): 6a85856719d862cff971c8b550998fdc

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


PE:Spyware.CardSpy!1.A1A8 [F]

PE:Spyware.CardSpy!1.A1A8 [F] also known as Trj/Genetic.gen, Gen:Variant.Zusy.69788, Trojan.Zusy.D1109C.

Malware Analysis of PE:Spyware.CardSpy!1.A1A8 [F] – QUVUQ.EXE

Created files:
  %Temp%\golfinfo.ini
  %Temp%\quvuq.exe
  %SysDir%\zynus.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: "%SysDir%\zynus.exe"

Detected by UnHackMe: QUVUQ.EXE
Default location: %TEMP%\QUVUQ.EXE
Dropper hash(md5): 6b1ff4e602aecd10c0a028f7ab209391

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…


Spyware ( 004ce5411 )

Spyware ( 004ce5411 ) also known as Trojan.Win32.FakeAV.jok (v), Gen:Variant.Zusy.69788, a variant of Win32/Spy.CardSpy.NAF.

Malware Analysis of Spyware ( 004ce5411 ) – QUVUQ.EXE

Created files:
  %Temp%\golfinfo.ini
  %Temp%\quvuq.exe
  %SysDir%\zynus.exe

Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: "%SysDir%\zynus.exe"

Detected by UnHackMe: QUVUQ.EXE
Default location: %TEMP%\QUVUQ.EXE
Dropper hash(md5): 6b1ff4e602aecd10c0a028f7ab209391

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…


Spyware.Zbot.SI

Spyware.Zbot.SI also known as Trojan/W32.Agent.130560.BZ, Trojan.Fraudpack-4746, Backdoor.Tidserv!gen10.

Malware Analysis of Spyware.Zbot.SI – KUOC1S.DLL

Created files:
  C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\RV9REGRK\desktop.ini
  C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\V4EF480L\desktop.ini
  %SysDir%\spool\prtprocs\w32x86\KUOC1s.dll
  %WinDir%\Temp\QGMY7c3.sys

Detected by UnHackMe: KUOC1S.DLL
Default location: %SYSDIR%\SPOOL\PRTPROCS\W32X86\KUOC1S.DLL
Dropper hash(md5): 6a607d3dc61d740ae3c40dc38a5046f0

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…


Spyware[Porn-Dialer:not-a-virus]/Win32.CapreDeam

Spyware[Porn-Dialer:not-a-virus]/Win32.CapreDeam also known as Trojan/Dialer.CapreDeam.k, Trojan.AdDialer, PE:Hack.PornDialer.b!334382 [F].

Malware Analysis of Spyware[Porn-Dialer:not-a-virus]/Win32.CapreDeam – 6B0EB56ADC2F870E24B073EADE646367.EXE

Created files:
  %Program Files%\Montorgueil\14.05068
  %Program Files%\Montorgueil\6b0eb56adc2f870e24b073eade646367\6b0eb56adc2f870e24b073eade646367.exe
  %Program Files%\Montorgueil\6b0eb56adc2f870e24b073eade646367\6b0eb56adc2f870e24b073eade646367.ico
  %WinDir%\Temp\MT\6b0eb56adc2f870e24b073eade646367.exe

Detected by UnHackMe: 6B0EB56ADC2F870E24B073EADE646367.EXE
Default location: %PROGRAM FILES%\MONTORGUEIL\6B0EB56ADC2F870E24B073EADE646367\6B0EB56ADC2F870E24B073EADE646367.EXE
Dropper hash(md5): 6b0eb56adc2f870e24b073eade646367

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Spyware ( 0000ac651 )

Spyware ( 0000ac651 ) also known as Infostealer.Bancos!gen, TrojanSpy:Win32/Bancos.gen!A, TrojWare.Win32.Spy.Banker.Gen.

Malware Analysis of Spyware ( 0000ac651 ) – SYSTEMINI.EXE

Created files:
  %Program Files%\Google\Chrome\Application\46.0.2490.86\widevinecdmadapter.dll
  %Program Files%\Google\Chrome\Application\46.0.2490.86\xinput1_3.dll
  %SysDir%\systemIni.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSystemLocal: "%SysDir%\systemIni.exe"
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe""
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level"

Detected by UnHackMe:…


Win32:Spyware-gen [Spy]

Win32:Spyware-gen [Spy] also known as Generic.Ranky.C4F5A53A, Win-Trojan/Ranky.46017.B, Trojan-Proxy.Win32.Ranky.gen.

Malware Analysis of Win32:Spyware-gen [Spy] – MSLL32.EXE

Created files:
  %SysDir%\MSLL32.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msll: "%SysDir%\MSLL32.exe"

Detected by UnHackMe: MSLL32.EXE
Default location: %SYSDIR%\MSLL32.EXE
Dropper hash(md5): 6a949d587820218eca62aa635ad227d9

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


Spyware ( 003c66c71 )

Spyware ( 003c66c71 ) also known as Trojan[Dropper]/Win32.Injector, TrojanDropper.Injector, Gen:Variant.Graftor.106695.

Malware Analysis of Spyware ( 003c66c71 ) – WTMPS.EXE

Created files:
  %Temp%\tmp4.tmp
  %Temp%\tmp6.tmp
  %Temp%\wtmps.exe
  %Program Files%\Google\Chrome\Application\46.0.2490.86\46.0.2490.86.manifest
  %Program Files%\Google\Chrome\Application\46.0.2490.86\chrome.dll

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe""
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level"

Detected by UnHackMe:…


Spyware.Ardamax.484864[h]

Spyware.Ardamax.484864[h] also known as PE:Trojan.Win32.Generic.12828CF1!310545649, Program.Ardamax, TROJ_GEN.R0CBC0EA215.

Malware Analysis of Spyware.Ardamax.484864[h] – VECS.EXE

Created files:
  %SysDir%\28463\VECS.009.tmp
  %SysDir%\28463\VECS.chm
  %SysDir%\28463\VECS.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VECS Agent: "%SysDir%\28463\VECS.exe"
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe""
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: ""%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level"

Detected by UnHackMe: VECS.EXE
Default location: %SYSDIR%\28463\VECS.EXE
Dropper hash(md5): 6a762deb162375245b6792f8638299b0…
