Category Archives: Trojan

Trojan.Win32.Z.Agent.458496.A[h]

Also known as: Win32/Filecoder.NHQ, Trojan.Win32.SageCrypt.emkgle, TR/Crypt.Xpack.ykxwa
Analysed sample: WDBVQ5VJ.EXE
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Note: the aliases (SageCrypt, Filecoder, and Ransom, Encoder and SageLocker in the other entries for this same hash) and the !HELP_SOS.HTA file written to the desktop identify this as the Sage file-encrypting ransomware; !HELP_SOS.HTA is the ransom note. The WARRIOR folder in that path is most likely specific to the analysis machine's desktop layout, so hunt on the note's file name rather than the full path.

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

TrojWare.Win32.Pakes.lmb

Also known as: BrowserModifier:Win32/CNNIC, PE:Trojan.Win32.Generic.148B9C89!344693897, ADSPY/Cdnup.A.1
Analysed sample: SETUP-REAL.EXE
Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Note: the only autostart entry listed registers a RichFX player plugin under Internet Explorer\PLUGINS, a bundled third-party component of the carrier installer; the CNNIC component that the detection names is SETUP-REAL.EXE under %TEMP%\~RNSETUP\CNNIC, so that path and the dropper MD5 are the indicators to hunt.

Trojan.Generic.D135EA0E

Also known as: Trojan.Gen, Trojan.Generic!8.C3 (cloud:hIVqoP5XjTU), Trojan.Crypt
Analysed sample: X0IJ2L.EXE
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Note: both files land in %SYSDIR%, which requires administrative rights, and the companion file borrows the .NLS extension of the Windows code-page tables that normally live there; an .NLS file with a purely numeric name next to an unknown executable is the thing to look for.

Trojan/Win32.SageCrypt.C1854792

Also known as: GenericR-JLF!12C6A555B5DD, Trojan.GenericKD.4595309, Atros5.RXZ
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Trojan-Clicker/W32.CDNUp.560128

Also known as: Adware.Cdnup.A, Trojan/Win32.Cdnup, Trojan.Win32.Pakes.lmb
Analysed sample: SETUP-REAL.EXE (same dropper, MD5 115953246b798695c685478ca4497e9a, as the TrojWare.Win32.Pakes.lmb entry above)
Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Troj.Ransom.W32.SageCrypt.tobx

Also known as: Trojan.Win32.SageCrypt.emkgle, Win32/Trojan.Ransom.b1f, Trojan/Win32.SageCrypt.C1854792
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Win32.Trojan.Gamepass.Peqg

Also known as: Trojan.Gen, PWS:Win32/Zakahic.A, Win32/Trojan.GameThief.baa
Analysed sample: SYSJFZR.DLL
Created files:
  %SYSDIR%\SPORDER.DLL
  %SYSDIR%\SYSJFZR.DLL
  %SYSDIR%\TMD625.DLL
Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

Note: the PWS and GameThief aliases mark this as an online-game credential stealer. SPORDER.DLL is the Winsock 2 provider-ordering helper that installers use to register a Layered Service Provider, so after removing the DLLs check the Winsock catalog (netsh winsock show catalog) for a provider that points at SYSJFZR.DLL or TMD625.DLL and reset it (netsh winsock reset) if one is present.

Trojan ( 004f76a01 )

Also known as: Trojan.GenericKD.4595309, Mal/Generic-S
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Trojan.Win32.Pakes.lmb

Also known as: Adware.Cdnup.A, W32/Trojan.ZCAP-9292, ADSPY/Cdnup.A.1
Analysed sample: SETUP-REAL.EXE (same dropper, MD5 115953246b798695c685478ca4497e9a, as the TrojWare.Win32.Pakes.lmb entry above)
Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Win32.Troj.Agent.kr.(kcloud)

Also known as: Adware.Bdsearch (fs), Adware.Cdnup!RDqouidOmx0, Adware.Cdnup.A
Analysed sample: SETUP-REAL.EXE (same dropper, MD5 115953246b798695c685478ca4497e9a, as the TrojWare.Win32.Pakes.lmb entry above)
Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Trojan/Win32.Cdnup

Also known as: PE:Trojan.Win32.Generic.148B9C89!344693897, BrowserModifier:Win32/CNNIC, ADSPY/Cdnup.A.1
Analysed sample: SETUP-REAL.EXE (same dropper, MD5 115953246b798695c685478ca4497e9a, as the TrojWare.Win32.Pakes.lmb entry above)
Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Win32.Trojan.Outbrowse.Ljao

Also known as: Artemis!PUP, a variant of Win32/OutBrowse.BZ potentially unwanted, OutBrowse Revenyou (PUA)
Analysed sample: BEEHEIEEHD.EXE
Created files:
  %TEMP%\WER3E9D.TMP.MDMP
  %TEMP%\WERF44E.TMP.WERINTERNALMETADATA.XML
  %TEMP%\BEEHEIEEHD.EXE
  %TEMP%\ICACHE-04044202.TMP
  %TEMP%\ILIST-00000000.TMP
Detected by UnHackMe: BEEHEIEEHD.EXE
Default location: %TEMP%\BEEHEIEEHD.EXE
Dropper hash (MD5): 13e7265d2b37bef83f1b618ae607d177

Note: the engines listed classify this as a potentially unwanted application (OutBrowse installer bundler) rather than a trojan. The WER*.TMP.MDMP and WERINTERNALMETADATA.XML files are Windows Error Reporting output, which means the sample crashed during the analysis run; they are artefacts of the sandbox, not indicators to hunt for on their own.

Win32.Trojan.WisdomEyes.16070401.9500.9962

Also known as: malicious (moderate confidence), Adware.BrowseFox.Win32.291276
Analysed sample: LETVSETUP.EXE
Created files:
  %TEMP%\NSSD2D1.TMP\IQIYISETUP_L_SPL004@KB010.EXE
  %TEMP%\NSSD2D1.TMP\K1.ICO
  %TEMP%\NSSD2D1.TMP\LETVSETUP.EXE
  %TEMP%\NSSD2D1.TMP\NSPROCESS.DLL
  %TEMP%\NSSD2D1.TMP\NSVFF9F.TMP
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
  HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
  HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
  HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: "Rsd Service"
  HKLM\System\CurrentControlSet\services\sysmon\ImagePath: "system32\DRIVERS\sysmon.sys"
  HKLM\System\CurrentControlSet\services\sysmon\DisplayName: "sysmon"
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: "%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE"
  … (the excerpt is cut off here; no detected file or dropper hash is shown)

Note: the NS*.TMP working directory and NSPROCESS.DLL (the NsProcess plugin) show an NSIS installer bundle. It installs the Rising Software Deployment System with two kernel drivers, PROTREG.SYS (service rsdsys, "rsd protect") and a driver registered as service "sysmon" at system32\DRIVERS\sysmon.sys. Do not confuse the latter with Sysinternals Sysmon, whose driver service is SysmonDrv; a service literally named "sysmon" loading sysmon.sys from the DRIVERS directory belongs to this bundle.

Trojan.Win32.Z.Packed.540672[h]

Also known as: HEUR:Trojan.Win32.Generic, W32.Clodbc5.Trojan.1ac2, Win32/Trojan.e6d
Analysed sample: X0IJ2L.EXE (same dropper, MD5 124848b137a9763a1400aeebed295255, as the Trojan.Generic.D135EA0E entry above)
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Trojan/Win32.Zegost.R196288

Also known as: Trojan.Inject2.43427, Trojan.GenericKD.4564741
Analysed sample: UPDATE.COM
Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"
Detected by UnHackMe: UPDATE.COM
Default location (as given on the page): %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

Note: the default location listed is a Windows Error Reporting minidump, not the executable; the created-files list and the service ImagePath both place the dropper at %SYSTEMDRIVE%\UPDATE.COM (the root of the system drive), and the APPCRASH report queue shows it crashed during the analysis run. Persistence is a Windows service whose name and display name are runs of the alphabet ("Cdefgh Jklmnopq Stu"), so a quick check on a suspect host is to list services whose ImagePath sits directly in the root of the system drive or whose names are nonsense letter sequences.
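The indicators on this page are expressed as placeholder paths (%APPDATA%, %SYSDIR%, %SYSTEMDRIVE% and so on), dropper MD5s and autostart registry keys. The Python below is an added example, not code from the original posts or from UnHackMe: it turns the page's placeholders into path patterns, canonicalises registry key paths, and runs the Sage (WDBVQ5VJ.EXE), Zegost (UPDATE.COM) and Cdnup (SETUP-REAL.EXE) indicators from this archive over a handful of constructed Sysmon-style events. The event dicts, the user name alice and the Vista-and-later profile layout encoded in PLACEHOLDERS are assumptions; the field names follow Sysmon's process-create, file-create and registry-value-set events.

```python
"""Match this archive's path, MD5 and autostart-key indicators against
Sysmon-style events. The events below are constructed sample data."""
import re

# Indicators copied from the Sage (WDBVQ5VJ.EXE), Zegost (UPDATE.COM) and
# Cdnup (SETUP-REAL.EXE) entries in this archive.
IOC_PATHS = [
    r"%APPDATA%\WDBVQ5VJ.EXE",
    r"%APPDATA%\F1.HTA",
    r"%APPDATA%\XJ0IRWTW.TMP",
    r"%PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA",
    r"%SYSTEMDRIVE%\UPDATE.COM",
    r"%TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE",
]
IOC_MD5 = {
    "12c6a555b5ddbfb1106159320c06c390",  # WDBVQ5VJ.EXE dropper
    "09d50103a5a653680bb5e1b201b76f4d",  # UPDATE.COM dropper
    "115953246b798695c685478ca4497e9a",  # SETUP-REAL.EXE dropper
}
IOC_REGISTRY = [
    r"HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH",
]

# The page's placeholders as regexes for where they expand on a Vista-or-later
# host with the default profile layout (assumption; XP laid profiles out differently).
PLACEHOLDERS = {
    "%APPDATA%": r"[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming",
    "%LOCAL APPDATA%": r"[A-Z]:\\Users\\[^\\]+\\AppData\\Local",
    "%TEMP%": r"[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp",
    "%PROFILE%": r"[A-Z]:\\Users\\[^\\]+",
    "%COMMON APPDATA%": r"[A-Z]:\\ProgramData",
    "%SYSDIR%": r"[A-Z]:\\Windows\\System32",
    "%SYSTEMDRIVE%": r"[A-Z]:",
    "%PROGRAM FILES%": r"[A-Z]:\\Program Files( \(x86\))?",
}


def path_regex(ioc_path: str) -> re.Pattern:
    """Turn '%APPDATA%\\X.EXE' into a case-insensitive full-path regex."""
    m = re.match(r"(%[^%]+%)(.*)$", ioc_path)
    if not m:
        raise ValueError(f"indicator lacks a %PLACEHOLDER% prefix: {ioc_path}")
    prefix = PLACEHOLDERS[m.group(1).upper()]
    return re.compile(prefix + re.escape(m.group(2)), re.IGNORECASE)


def norm_registry(path: str) -> str:
    """Canonicalise a key path: upper case, HKLM short form, CurrentControlSet."""
    p = path.upper().replace("HKEY_LOCAL_MACHINE", "HKLM")
    return re.sub(r"\\CONTROLSET\d{3}\\", r"\\CURRENTCONTROLSET\\", p)


def md5_from_hashes(field: str):
    """Extract the MD5 from a Sysmon 'Hashes' field such as 'MD5=...,SHA256=...'."""
    for part in field.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "MD5":
            return value.strip().lower()
    return None


def scan(events):
    """Return (event index, indicator type, indicator) for every hit."""
    path_rules = [(p, path_regex(p)) for p in IOC_PATHS]
    reg_rules = {norm_registry(k) for k in IOC_REGISTRY}
    hits = []
    for i, ev in enumerate(events):
        for field in ("Image", "TargetFilename"):      # process image, created file
            value = ev.get(field)
            if value:
                hits.extend((i, "path", ioc) for ioc, rx in path_rules if rx.fullmatch(value))
        md5 = md5_from_hashes(ev.get("Hashes", ""))
        if md5 in IOC_MD5:
            hits.append((i, "md5", md5))
        target = ev.get("TargetObject")                  # registry value written
        if target and norm_registry(target) in reg_rules:
            hits.append((i, "registry", target))
    return hits


# Constructed sample events modelled on Sysmon event IDs 1, 11 and 13.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\WDBVQ5VJ.EXE",
     "Hashes": "MD5=12C6A555B5DDBFB1106159320C06C390,SHA256=0000"},
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Roaming\WDBVQ5VJ.EXE",
     "TargetFilename": r"C:\Users\alice\Desktop\WARRIOR\!HELP_SOS.HTA"},
    {"EventID": 13, "Image": r"C:\UPDATE.COM",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Cdefgh Jklmnopq Stu\ImagePath",
     "Details": r"C:\UPDATE.COM"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",   # benign, must not match
     "Hashes": "MD5=00000000000000000000000000000000"},
]

if __name__ == "__main__":
    for index, kind, ioc in scan(SAMPLE_EVENTS):
        print(f"event {index}: {kind} hit on {ioc}")
```

Run as a script it prints one line per hit; in practice feed scan() events parsed from the Sysmon operational log or an EDR export. Path matching is deliberately a full match on the expanded placeholder path, so a sample that drops into a different directory is caught only by the MD5 rule, and the registry rule folds ControlSet00N into CurrentControlSet so it also works against offline hive exports.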

Trojan.Xpack.Win32.678

Also known as: Trojan.Generic.20310542, Trojan/MSIL.Packed.Confuser.P, Trojan.Win32.Generic.pak!cobra
Analysed sample: X0IJ2L.EXE (same dropper, MD5 124848b137a9763a1400aeebed295255, as the Trojan.Generic.D135EA0E entry above)
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Note: the MSIL/Packed.Confuser.P alias (and MSIL.Trojan.Injector and MSIL/Injecto in the other entries for this hash) identify the sample as a .NET executable protected with Confuser, so static analysis starts with a Confuser deobfuscator and a .NET decompiler rather than a native disassembler.

Win32/Trojan.e04

Also known as: W32/Trojan.ZEAW-3919, W32/Generic.AC.3D73A8!tr, Backdoor.RBot.qb
Analysed sample: UPDATE.COM (same dropper, MD5 09d50103a5a653680bb5e1b201b76f4d, as the Trojan/Win32.Zegost.R196288 entry above)
Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"
Detected by UnHackMe: UPDATE.COM
Default location (as given on the page): %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

Trojan.Encoder.10433

Also known as: Win32:Malware-gen, Trojan.GenericKD.4595309, TR/Crypt.Xpack.ykxwa
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Trojan.Symmi.D3812

Also known as: W32/Onlinegames.QTX!tr.pws, Gen:Variant.Symmi.14354, HEUR:Trojan.Win32.Generic
Analysed sample: SYSJFZR.DLL (same dropper, MD5 0884215e0301abe2e4dc2f5a82edeaf5, as the Win32.Trojan.Gamepass.Peqg entry above)
Created files:
  %SYSDIR%\SPORDER.DLL
  %SYSDIR%\SYSJFZR.DLL
  %SYSDIR%\TMD625.DLL
Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

Win.Trojan.Ramnit-6040

Also known as: Backdoor.Ramnit.Win32.3256
Analysed sample: BARCONTROL.DLL
Created files:
  %TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSAPI.DLL
  %TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSSETUP.EXE
  %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL
  %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER.EXE
  %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER98.EXE
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\ (default value): "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
Detected by UnHackMe: BARCONTROL.DLL
Default location: %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Note: the dropper MD5 is the same as in the SETUP-REAL.EXE (Cdnup) entries in this archive, so this is the same ~RNSETUP bundle; here the file flagged is a Google Toolbar component that it unpacks. Ramnit is a file infector, so if the Ramnit detection is genuine, other executables on the host may also be infected and a hash check of the whole bundle, not just BARCONTROL.DLL, is warranted.

Win32.Trojan.Falsesign.Wtdg

Also known as: Win32.Application.Agent.LED4GR, Artemis!D3F054DE4C81, Virus/Win32.Sality.gen
Analysed sample: YX_DTS.EXE
Created files:
  %TEMP%\NSSD2D1.TMP\SYSTEM.DLL
  %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE
  %TEMP%\NSSD2D1.TMP\YX_DTS.EXE
  %TEMP%\NSX1004.TMP\BG.BMP
  %TEMP%\NSX1004.TMP\BGWORKER.DLL
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
  HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
  HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
  HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: "Rsd Service"
  HKLM\System\CurrentControlSet\services\sysmon\ImagePath: "system32\DRIVERS\sysmon.sys"
  HKLM\System\CurrentControlSet\services\sysmon\DisplayName: "sysmon"
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: "%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE"
  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPTAssist\DisplayName: …
  (the excerpt is cut off here; no detected file or dropper hash is shown)

Note: the NSIS working directory (NSSD2D1.TMP) and the whole Rising RSD registry set, including the PROTREG.SYS and sysmon.sys drivers, are identical to the Win32.Trojan.WisdomEyes.16070401.9500.9962 (LETVSETUP.EXE) entry above, so both samples come from the same installer bundler. The aliases disagree sharply (an application-type detection versus Virus/Win32.Sality.gen, a file infector), so confirm with a second engine before treating the host as Sality-infected.

W32/Trojan.XGLK-6260

Also known as: Trojan.Gen, Trojan.Generic.20310542, a variant of MSIL/Packed.Confuser.P suspicious
Analysed sample: X0IJ2L.EXE (same dropper, MD5 124848b137a9763a1400aeebed295255, as the Trojan.Generic.D135EA0E entry above)
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Trojan.Win32.Rbot.ellhso

Also known as: Trojan.Win32.Generic!BT, UDS:DangerousObject.Multi.Generic, Trojan/Win32.Zegost.R196288
Analysed sample: UPDATE.COM (same dropper, MD5 09d50103a5a653680bb5e1b201b76f4d, as the Trojan/Win32.Zegost.R196288 entry above)
Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"
Detected by UnHackMe: UPDATE.COM
Default location (as given on the page): %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

TROJ_GEN.R0E3C0DAD17

Also known as: static engine – malicious, PWS:Win32/Zakahic.A, malicious (high confidence)
Analysed sample: SYSJFZR.DLL (same dropper, MD5 0884215e0301abe2e4dc2f5a82edeaf5, as the Win32.Trojan.Gamepass.Peqg entry above)
Created files:
  %SYSDIR%\SPORDER.DLL
  %SYSDIR%\SYSJFZR.DLL
  %SYSDIR%\TMD625.DLL
Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

Trojan[Ransom]/Win32.SageCrypt

Also known as: Ransom_Milicry.R023C0CCN17, generic.ml, Win32:Malware-gen
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

MSIL.Trojan.Injector.JO

Also known as: generic.ml, Trj/GdSda.A, Trojan ( 004be5b21 )
Analysed sample: X0IJ2L.EXE (same dropper, MD5 124848b137a9763a1400aeebed295255, as the Trojan.Generic.D135EA0E entry above)
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Trojan.GenericKD.4564741 (B)

Also known as: W32/Trojan.ZEAW-3919, Trojan.GenericKD.4564741, Mal/Generic-S
Analysed sample: UPDATE.COM (same dropper, MD5 09d50103a5a653680bb5e1b201b76f4d, as the Trojan/Win32.Zegost.R196288 entry above)
Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"
Detected by UnHackMe: UPDATE.COM
Default location (as given on the page): %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

Win32.Trojan.WisdomEyes.16070401.9500.9984

Also known as: static engine – malicious, MSIL/Injecto.58E1!tr, Generic.awn
Analysed sample: X0IJ2L.EXE (same dropper, MD5 124848b137a9763a1400aeebed295255, as the Trojan.Generic.D135EA0E entry above)
Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE
Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Trojan.Generic.D461E6D

Also known as: Trojan-Ransom.Win32.SageCrypt.asr, Ransom.SageLocker, Win32:Malware-gen
Analysed sample: WDBVQ5VJ.EXE (same dropper, MD5 12c6a555b5ddbfb1106159320c06c390, as the Trojan.Win32.Z.Agent.458496.A[h] entry above)
Created files:
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
  %APPDATA%\F1.HTA
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

W32/Trojan.ZEAW-3919

Also known as: Trojan.GenericKD.4564741, Trojan.Win32.Generic!BT, Win32.Trojan.WisdomEyes.16070401.9500.9991
Analysed sample: UPDATE.COM (same dropper, MD5 09d50103a5a653680bb5e1b201b76f4d, as the Trojan/Win32.Zegost.R196288 entry above)
Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"
Detected by UnHackMe: UPDATE.COM
Default location (as given on the page): %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d
