Category Archives: Virus

Virus.B7A.Gen!c

Virus.B7A.Gen!c is also known as Trojan.Win32.Generic!BT, a variant of Win32/Jawego.C potentially unwanted.

Malware Analysis of Virus.B7A.Gen!c – SM.EXE

Created files:
  %APPDATA%\SYSTEM MONITOR\JAPAN_EM.INI
  %APPDATA%\SYSTEM MONITOR\LOG_11-17-2016.LOG
  %APPDATA%\SYSTEM MONITOR\SM.EXE
  %SYSDIR%\TASKS\RUNATSTARTUP

Detected by UnHackMe: SM.EXE
Default location: %APPDATA%\SYSTEM MONITOR\SM.EXE
Dropper hash (md5): fd0100f52db55d0cdde99ec8fb5c82d6

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

not-a-virus:RiskTool.Win32.BitCoinMiner.hwkq

not-a-virus:RiskTool.Win32.BitCoinMiner.hwkq is also known as Malware.Generic!dCHeZJ8DLFL@5 (thunder), Application.BitCoinMiner.IB, Trojan.BitCoinMiner.Win32.86.

Malware Analysis of not-a-virus:RiskTool.Win32.BitCoinMiner.hwkq – X64SSE2.EXE

Created files:
  %APPDATA%\MICROSOFT\LIBZ-1.DLL
  %APPDATA%\MICROSOFT\MSVCR120.DLL
  %APPDATA%\MICROSOFT\X64SSE2.EXE
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\DATAREPORTING\ABORTED-SESSION-PING
  %APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\SESSIONSTORE-BACKUPS\RECOVERY.BAK

Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DEVENCL.EXE: “%APPDATA%\MICROSOFT\DEVENCL.EXE”

Detected by UnHackMe: X64SSE2.EXE
Default location: %APPDATA%\MICROSOFT\X64SSE2.EXE
Dropper hash (md5): afd5eb72bb8f02b9e9bbb7594e0d3cd4

W32.eHeur.Virus02

W32.eHeur.Virus02 is also known as malicious_confidence_85% (D).

Malware Analysis of W32.eHeur.Virus02 – GAMEEXECUTORHELPERX86.DLL

Created files:
  %Program Files%\QGNA\GameDownloaderx86.dll
  %Program Files%\QGNA\GameExecutorHelperX64.dll
  %Program Files%\QGNA\GameExecutorHelperX86.dll
  %Program Files%\QGNA\GameExecutorX86.dll
  %Program Files%\QGNA\gamenet.ui.exe

Autostart registry keys:
  HKLM\Software\Classes\gamenet\shell\open\command\: “”%Program Files%\QGNA\qgna.exe” “/uri:%1””
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2DC74854-88F0-4543-9AC5-3ACABFABA8F4_is1\DisplayName: “QGNA”
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2DC74854-88F0-4543-9AC5-3ACABFABA8F4_is1\UninstallString: “”%Program Files%\QGNA\unins000.exe””

Detected by UnHackMe: GAMEEXECUTORHELPERX86.DLL
Default location: %PROGRAM FILES%\QGNA\GAMEEXECUTORHELPERX86.DLL
Dropper hash (md5): c536893e4cf2feecde76f8fa837d7fc0

not-a-virus:RemoteAdmin.Win32.WinVNC-based.e

not-a-virus:RemoteAdmin.Win32.WinVNC-based.e is also known as RemAdm-TightVNC, virus.win32.sality.at.

Malware Analysis of not-a-virus:RemoteAdmin.Win32.WinVNC-based.e – MSJAVA.EXE

Created files:
  %PROFILE%\DESKTOP\SUPORTE.LNK
  %WINDIR%\MSJAVA.DLL
  %WINDIR%\MSJAVA.EXE
  %WINDIR%\MSJAVA.REG

Detected by UnHackMe: MSJAVA.EXE
Default location: %WinDir%\MSJAVA.EXE
Dropper hash (md5): d636caaf0271478f08043789f1bb415b

not-a-virus:RemoteAdmin.Win32.WinVNC-based

not-a-virus:RemoteAdmin.Win32.WinVNC-based is also known as RemoteAdmin.W32.WinVNC-based.e!c, RemoteAdmin.Win32.WinVNC-based!O, Riskware.Win32.WinVNCbased.bookc.

Malware Analysis of not-a-virus:RemoteAdmin.Win32.WinVNC-based – MSJAVA.EXE

Created files:
  %PROFILE%\DESKTOP\SUPORTE.LNK
  %WINDIR%\MSJAVA.DLL
  %WINDIR%\MSJAVA.EXE
  %WINDIR%\MSJAVA.REG

Detected by UnHackMe: MSJAVA.EXE
Default location: %WinDir%\MSJAVA.EXE
Dropper hash (md5): d636caaf0271478f08043789f1bb415b

Virus.F7D.Gen!c

Virus.F7D.Gen!c is also known as W32.HfsAdware.1E9C, Artemis!D75CEDAFA11C, TROJ_GEN.R0C1C0OHH16.

Malware Analysis of Virus.F7D.Gen!c – SOCKET2.DLL

Created files:
  %TEMP%\NSH29EB.TMP\SHELLLINK.DLL
  %TEMP%\NSH29EB.TMP\SHHELPER.DLL
  %TEMP%\NSH29EB.TMP\SOCKET2.DLL
  %TEMP%\NSH29EB.TMP\SYSTEM.DLL
  %TEMP%\NSH29EB.TMP\TOOLTIPS.DLL

Detected by UnHackMe: SOCKET2.DLL
Default location: %TEMP%\NSH29EB.TMP\SOCKET2.DLL
Dropper hash (md5): 5c9f23773e1ed07b4674ba2799645679

virus.win32.parite.c

virus.win32.parite.c is also known as Win32/Parite, W32/Parite, Win32.Parite.c (v).

Malware Analysis of virus.win32.parite.c – NRJIIZ.EXE

Created files:
  %Program Files%\NrJIIZ.exe
  %TEMP%\AFA3803.TMP

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NrJIIZ.exe: “%Program Files%\NrJIIZ.exe”

Detected by UnHackMe: NRJIIZ.EXE
Default location: %PROGRAM FILES%\NRJIIZ.EXE
Dropper hash (md5): 0c2fc6fa3f9174ec1a597cd112ff3d79

Virus.Win32.Parite.I

Virus.Win32.Parite.I is also known as Win32.Parite.C, Virus.Win32.Parite.bysj, Win32.Parite.C.

Malware Analysis of Virus.Win32.Parite.I – NRJIIZ.EXE

Created files:
  %Program Files%\NrJIIZ.exe
  %TEMP%\AFA3803.TMP

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NrJIIZ.exe: “%Program Files%\NrJIIZ.exe”

Detected by UnHackMe: NRJIIZ.EXE
Default location: %PROGRAM FILES%\NRJIIZ.EXE
Dropper hash (md5): 0c2fc6fa3f9174ec1a597cd112ff3d79

Win32.Virus.Parite.d

Win32.Virus.Parite.d is also known as Virus:Win32/Parite.C, Virus/Win32.Parite.N2113980496, Win32.Parite.C.

Malware Analysis of Win32.Virus.Parite.d – NRJIIZ.EXE

Created files:
  %Program Files%\NrJIIZ.exe
  %TEMP%\AFA3803.TMP

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NrJIIZ.exe: “%Program Files%\NrJIIZ.exe”

Detected by UnHackMe: NRJIIZ.EXE
Default location: %PROGRAM FILES%\NRJIIZ.EXE
Dropper hash (md5): 0c2fc6fa3f9174ec1a597cd112ff3d79

virus.win32.slugin.a

virus.win32.slugin.a is also known as Win32:OutBrowse-E [PUP], Unwanted-Program ( 004a9db51 ), PUP/Win32.OutBrowse.R124846.

Malware Analysis of virus.win32.slugin.a – BACACABEBBBHD.EXE

Created files:
  %STARTUP%-OLD\MUTEX_3.LNK
  %STARTUP%-OLD\ZOOMIT.EXE
  %TEMP%\BACACABEBBBHD.EXE
  %TEMP%\NSF586C.TMP\AA.DLL
  %TEMP%\NSF586C.TMP\NSISUNZ.DLL

Detected by UnHackMe: BACACABEBBBHD.EXE
Default location: %TEMP%\BACACABEBBBHD.EXE
Dropper hash (md5): 1868d21763b16764a6195ee6ac26ba12

Virus.Parite!1.9B80 (classic)

Virus.Parite!1.9B80 (classic) is also known as Virus ( 00001b711 ), Virus.Win32.Parite.gen, Virus/Win32.Parite.N2113980496.

Malware Analysis of Virus.Parite!1.9B80 (classic) – NRJIIZ.EXE

Created files:
  %Program Files%\NrJIIZ.exe
  %TEMP%\AFA3803.TMP

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NrJIIZ.exe: “%Program Files%\NrJIIZ.exe”

Detected by UnHackMe: NRJIIZ.EXE
Default location: %PROGRAM FILES%\NRJIIZ.EXE
Dropper hash (md5): 0c2fc6fa3f9174ec1a597cd112ff3d79

Virus/Win32.Parite.N2113980496

Virus/Win32.Parite.N2113980496 is also known as Virus:Win32/Parite.C, Virus ( 00001b711 ), Win32.Parite.B.

Malware Analysis of Virus/Win32.Parite.N2113980496 – NRJIIZ.EXE

Created files:
  %Program Files%\NrJIIZ.exe
  %TEMP%\AFA3803.TMP

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NrJIIZ.exe: “%Program Files%\NrJIIZ.exe”

Detected by UnHackMe: NRJIIZ.EXE
Default location: %PROGRAM FILES%\NRJIIZ.EXE
Dropper hash (md5): 0c2fc6fa3f9174ec1a597cd112ff3d79

not-a-virus:HEUR:RiskTool.Win32.PassFox.heur

not-a-virus:HEUR:RiskTool.Win32.PassFox.heur is also known as Win32.Trojan.WisdomEyes.16070401.9500.9999, Gen:Variant.Razy.71565, malicious_confidence_99% (W).

Malware Analysis of not-a-virus:HEUR:RiskTool.Win32.PassFox.heur – RYTR5674657GFHGJGJ.EXE

Created files:
  %TEMP%\RYTR5674657GFHGJGJ.EXE

Detected by UnHackMe: RYTR5674657GFHGJGJ.EXE
Default location: %TEMP%\RYTR5674657GFHGJGJ.EXE
Dropper hash (md5): 28506eb8524a10e9b71e7e16f17b9206

not-a-virus:PSWTool.Win32.MailPassView

not-a-virus:PSWTool.Win32.MailPassView is also known as Trojan.Razy.D1178D, Win32/Hedo.

Malware Analysis of not-a-virus:PSWTool.Win32.MailPassView – RYTR5674657GFHGJGJ.EXE

Created files:
  %TEMP%\RYTR5674657GFHGJGJ.EXE

Detected by UnHackMe: RYTR5674657GFHGJGJ.EXE
Default location: %TEMP%\RYTR5674657GFHGJGJ.EXE
Dropper hash (md5): 28506eb8524a10e9b71e7e16f17b9206

not-a-virus:NetTool.Win32.NetFilter.gf

not-a-virus:NetTool.Win32.NetFilter.gf is also known as Gen:Variant.Midie.33100, trojan.win32.ramdo.h, Gen:Variant.Midie.33100.

Malware Analysis of not-a-virus:NetTool.Win32.NetFilter.gf – 454DF867CD9BFA5D0610D2291D88EA26.SYS

Created files:
  %APPDATA%\SYSTEM HEALER\LANGUAGES\SWEDISH.JSON
  %PROFILE%\DESKTOP\YOUTUBE DOWNLOADER GURU.LNK
  %SYSDIR%\DRIVERS\454DF867CD9BFA5D0610D2291D88EA26.SYS
  %SYSDIR%\TASKS\K9-PC PROTECTOR_STARTUP
  %SYSDIR%\TASKS\SYSTEM HEALER TASK

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: “”%Program…

virus.win32.ramnit.j

virus.win32.ramnit.j is also known as Gen:Variant.Razy.61680, Adware ( 004f67ae1 ), Trojan.Win32.Generic!BT.

Malware Analysis of virus.win32.ramnit.j – TECHMONITOR.EXE

Created files:
  %Program Files%\TechAgent\icon.ico
  %Program Files%\TechAgent\TechAgent.exe
  %Program Files%\TechAgent\TechMonitor.exe
  %Program Files%\TechAgent\uninstaller.exe
  %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\K9-PC PROTECTOR\K9-PC PROTECTOR.LNK

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\:…

virus.win32.expiro.ea!bit

virus.win32.expiro.ea!bit is also known as Artemis!82D334D254BF, PUA.BubbleSound, Program.Unwanted.1149.

Malware Analysis of virus.win32.expiro.ea!bit – SOUND+.EXE

Created files:
  %Program Files%\Sound+\silentconfigurator.exe
  %Program Files%\Sound+\silentunconfigurator.exe
  %Program Files%\Sound+\Sound+.exe
  %Program Files%\Sound+\SoundP.dll
  %Program Files%\Sound+\Uninstall.exe

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sound+: “”%Program Files%\Sound+\Sound+.exe””
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoundPlus\DisplayName: “Sound+”
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoundPlus\UninstallString: “”%Program Files%\Sound+\Uninstall.exe””

Detected by UnHackMe: SOUND+.EXE
Default location: %PROGRAM FILES%\SOUND+\SOUND+.EXE
Dropper hash (md5): 9b6c634adcfadaacd9aaff17cfae04cf

Win32/Virus.NetTool.76a

Win32/Virus.NetTool.76a is also known as Gen:Variant.Midie.33100, Win32.Trojan.WisdomEyes.16070401.9500.9647, Malware.Generic!oxvU5jtiGHS@1 (thunder).

Malware Analysis of Win32/Virus.NetTool.76a – 454DF867CD9BFA5D0610D2291D88EA26.SYS

Created files:
  %APPDATA%\SYSTEM HEALER\LANGUAGES\SWEDISH.JSON
  %PROFILE%\DESKTOP\YOUTUBE DOWNLOADER GURU.LNK
  %SYSDIR%\DRIVERS\454DF867CD9BFA5D0610D2291D88EA26.SYS
  %SYSDIR%\TASKS\K9-PC PROTECTOR_STARTUP
  %SYSDIR%\TASKS\SYSTEM HEALER TASK

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\:…

not-a-virus:RiskTool.Win32.SystemCare.z

not-a-virus:RiskTool.Win32.SystemCare.z is also known as Pakes2_c.CJTN, PUA.Adposhel, Trojan.Razy.DF0F0.

Malware Analysis of not-a-virus:RiskTool.Win32.SystemCare.z – THSETUP.EXE

Created files:
  %TEMP%\INSTALL_TMP2\CONVERTER.EXE
  %TEMP%\INSTALL_TMP3\S2S_INSTALL.EXE
  %TEMP%\INSTALL_TMP4\THSETUP.EXE
  %TEMP%\INSTALL_TMP5\K9PCP_41830.EXE
  %TEMP%\INSTALL_TMP5\SYSTEMHEALER.EXE

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””
  HKLM\Software\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe””…

virus.win32.gael.c

virus.win32.gael.c is also known as PUA.Bang5mai, Win32.Trojan.WisdomEyes.16070401.9500.9931.

Malware Analysis of virus.win32.gael.c – TCADAPTORCHRM.EXE

Created files:
  %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DJGHKGGDAMPKOGMKMNMPFHFPBGEDPMFM\1.2.2.11_0\_METADATA\VERIFIED_CONTENTS.JSON
  %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\COM.KOUSHUIDANG.TUCAO.JSON
  %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\TCADAPTORCHRM.EXE
  %LOCAL APPDATA%\MICROSOFT\INTERNET EXPLORER\DOMSTORE\3J6WAL81\HAO.360[1].XML
  %LOCAL APPDATA%\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\ACTIVE\RECOVERYSTORE.{4660602B-A451-11E6-B077-000C2982064B}.DAT

Autostart registry keys:
  HKLM\SOFTWARE\CLASSES\CLSID\{25A1EDDD-CAD0-40EE-B868-905EA69DC803}\INPROCSERVER32\: “%LOCAL APPDATA%\TUCAO\1.1.3.9\TCHELPER.DLL”
  HKLM\Software\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\InprocServer32\: “%Program Files%\?iN?\X86\KZipShell.dll”
  HKLM\Software\Classes\CLSID\{34B3C588-D06C-4F92-929C-2C3A0BC7F821}\InprocServer32\: “%Program Files%\LuDaShi\ComputerZ7.dll”
  HKLM\Software\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\InprocServer32\: “%Program Files%\?iN?\X86\KZipShell.dll”
  HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\InprocServer32\: “%Program Files%\?iN?\X86\KZipShell.dll”
  HKLM\Software\Classes\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32\: “%Program Files%\Tencent\QQBrowser\9.3.7080.400\webp\WebpDecodeFilter.dll”
  HKLM\Software\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\InprocServer32\: “%Program Files%\?iN?\X86\KZipShell.dll”
  HKLM\Software\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\InprocServer32\: “%Program…

Virus.Win32.VirutChangeCall.J

Virus.Win32.VirutChangeCall.J is also known as Win32.Virtob.Gen.12, Virus.Win32.Virut.ce.6 (v), W32/SuspPack.FW.gen!Eldorado.

Malware Analysis of Virus.Win32.VirutChangeCall.J – IETASK.EXE

Created files:
  %SYSDIR%\IETASK.EXE

Detected by UnHackMe: IETASK.EXE
Default location: %SYSDIR%\IETASK.EXE
Dropper hash (md5): 62f670321fe66cfb693ddafb82ed2828

Win32.Virus.Virut.gen

Win32.Virus.Virut.gen is also known as W32.Virut.CF, BehavesLike.Win32.Dropper.ch, Virus:Win32/Virut.EPO.

Malware Analysis of Win32.Virus.Virut.gen – IETASK.EXE

Created files:
  %SYSDIR%\IETASK.EXE

Detected by UnHackMe: IETASK.EXE
Default location: %SYSDIR%\IETASK.EXE
Dropper hash (md5): 62f670321fe66cfb693ddafb82ed2828

Virus:Win32/Virut.EPO

Virus:Win32/Virut.EPO is also known as Win32.Virtob.Gen.12, Win32.Virtob.Gen.12, W32/Virtob.Gen(F).

Malware Analysis of Virus:Win32/Virut.EPO – IETASK.EXE

Created files:
  %SYSDIR%\IETASK.EXE

Detected by UnHackMe: IETASK.EXE
Default location: %SYSDIR%\IETASK.EXE
Dropper hash (md5): 62f670321fe66cfb693ddafb82ed2828

Win32.Virus.Virut.Wqdi

Win32.Virus.Virut.Wqdi is also known as Win32.Virtob.Gen.12, BehavesLike.Win32.Dropper.ch, W32/SuspPack.FW.gen!Eldorado.

Malware Analysis of Win32.Virus.Virut.Wqdi – IETASK.EXE

Created files:
  %SYSDIR%\IETASK.EXE

Detected by UnHackMe: IETASK.EXE
Default location: %SYSDIR%\IETASK.EXE
Dropper hash (md5): 62f670321fe66cfb693ddafb82ed2828

virus.win32.ursnif.d

virus.win32.ursnif.d is also known as HW32.Packed.99B9, MultiPlug (PUA), Gen:Variant.Adware.Multiplug.35.

Malware Analysis of virus.win32.ursnif.d – ACCC949179099303AEC3B6E20CBC13FC.EXE

Created files:
  %COMMON APPDATA%\{6D79EA7A-52AF-9531-6D79-9EA7A52AA9E9}\13E0D7791B06F33B
  %COMMON APPDATA%\{6D79EA7A-52AF-9531-6D79-9EA7A52AA9E9}\ACCC949179099303AEC3B6E20CBC13FC.DAT
  %COMMON APPDATA%\{6D79EA7A-52AF-9531-6D79-9EA7A52AA9E9}\ACCC949179099303AEC3B6E20CBC13FC.EXE
  %COMMON APPDATA%\{6D79EA7A-52AF-9531-6D79-9EA7A52AA9E9}\DE1D712C3CD214EF
  %SYSDIR%\TASKS\MEETINGLOGS

Detected by UnHackMe: ACCC949179099303AEC3B6E20CBC13FC.EXE
Default location: %COMMON APPDATA%\{6D79EA7A-52AF-9531-6D79-9EA7A52AA9E9}\ACCC949179099303AEC3B6E20CBC13FC.EXE
Dropper hash (md5): accc949179099303aec3b6e20cbc13fc

Win.Virus.TeslaCrypt3_AntiVss-1

Win.Virus.TeslaCrypt3_AntiVss-1 is also known as Riskware ( 0040eff71 ), Ransom:Win32/Tescrypt.J, Win32.Trojan.WisdomEyes.151026.9950.9999.

Malware Analysis of Win.Virus.TeslaCrypt3_AntiVss-1 – GJGMU.EXE

Created files:
  %PROFILE%\DESKTOP\RECOVERY.PNG
  %PROFILE%\DESKTOP\RECOVERY.TXT
  %PROFILE%\DOCUMENTS\GJGMU.EXE
  %PROFILE%\DOCUMENTS\QSDYL.EXE
  %PROFILE%\DOCUMENTS\RECOVERY+NGYJP.HTML

Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\12_23-DST: “%WINDIR%\WLXMRWBLELCT.EXE”

Detected by UnHackMe: GJGMU.EXE
Default location: %PROFILE%\DOCUMENTS\GJGMU.EXE
Dropper hash (md5): bfbad3eebd3e845ac540c65cde6ffb3b

virus.win32.virut.epo

virus.win32.virut.epo is also known as AdWare.Adload, Gen:Variant.Razy.14008.

Malware Analysis of virus.win32.virut.epo – D42283A2D0895A56FAB67DD2E698DCBF.EXE

Created files:
  %COMMON APPDATA%\{81CB9A68-03F7-C877-81CB-B9A6803F69A0}\18C39081D849A3B3
  %COMMON APPDATA%\{81CB9A68-03F7-C877-81CB-B9A6803F69A0}\D42283A2D0895A56FAB67DD2E698DCBF.DAT
  %COMMON APPDATA%\{81CB9A68-03F7-C877-81CB-B9A6803F69A0}\D42283A2D0895A56FAB67DD2E698DCBF.EXE
  %COMMON APPDATA%\{81CB9A68-03F7-C877-81CB-B9A6803F69A0}\D53E36D4FF9D4467
  %SYSDIR%\TASKS\FINDYOURKEYS

Detected by UnHackMe: D42283A2D0895A56FAB67DD2E698DCBF.EXE
Default location: %COMMON APPDATA%\{81CB9A68-03F7-C877-81CB-B9A6803F69A0}\D42283A2D0895A56FAB67DD2E698DCBF.EXE
Dropper hash (md5): d42283a2d0895a56fab67dd2e698dcbf

not-a-virus:RiskTool.MSIL.PCOptimizer.b

not-a-virus:RiskTool.MSIL.PCOptimizer.b is also known as Application.GenericKD.3471925, MSIL/MyPCBackup.G potentially unwanted, Riskware.Win32.MyPCBackup.eeivrh.

Malware Analysis of not-a-virus:RiskTool.MSIL.PCOptimizer.b – C4F46B362F144F6F9F7575206577311E996211.EXE

Created files:
  %Program Files%\OLBPre\uninst.exe
  %TEMP%\AFF.CONF
  %TEMP%\C4F46B362F144F6F9F7575206577311E996211.EXE
  %TEMP%\LOG.TXT
  %TEMP%\NSV3F77.TMP\NSSCM.DLL

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre\DisplayName: “MyPC Backup ”
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre\UninstallString: “%Program Files%\OLBPre\uninst.exe”

Detected by UnHackMe: C4F46B362F144F6F9F7575206577311E996211.EXE
Default location: %TEMP%\C4F46B362F144F6F9F7575206577311E996211.EXE
Dropper hash (md5): db22963f0ff484fafb755a621d6fa0bf

virus.win32.jadtre.l

virus.win32.jadtre.l is also known as Gen:Variant.Adware.MultiPlug.18, HEUR/QVM10.1.0000.Malware.Gen, Win32:MultiPlug-ABC [PUP].

Malware Analysis of virus.win32.jadtre.l – D1C5ABF071097944220ABB3B684CD73C.EXE

Created files:
  %COMMON APPDATA%\{2623C3DC-81BF-56B8-2623-3C3DC81B0F72}\D1C5ABF071097944220ABB3B684CD73C.DAT
  %COMMON APPDATA%\{2623C3DC-81BF-56B8-2623-3C3DC81B0F72}\D1C5ABF071097944220ABB3B684CD73C.EXE
  %SYSDIR%\TASKS\GRABABITE
  %WINDIR%\TASKS\GRABABITE.JOB

Detected by UnHackMe: D1C5ABF071097944220ABB3B684CD73C.EXE
Default location: %COMMON APPDATA%\{2623C3DC-81BF-56B8-2623-3C3DC81B0F72}\D1C5ABF071097944220ABB3B684CD73C.EXE
Dropper hash (md5): d1c5abf071097944220abb3b684cd73c

W32.eHeur.Virus06

W32.eHeur.Virus06 is also known as Win32.Trojan.WisdomEyes.16070401.9500.9974, trojan.win32.coinminer.aq, BehavesLike.Win32.Dropper.rc.

Malware Analysis of W32.eHeur.Virus06 – WHKCKC81KXBNJKX85LK1.EXE

Created files:
  %TEMP%\DLG\DLGRES\DLG-PRODUCT-LOGO.PNG
  %TEMP%\DLG\EXE\4BEE1563F288B8178B768F312DB4C273\INTERNET EXPLORER SETUP
  %TEMP%\DLG\EXE\99F0E44F2BD76AC0515A2606A8FB84AB\WHKCKC81KXBNJKX85LK1.EXE
  %TEMP%\DLG\INITWINDOW\CSS\STYLE.CSS
  %TEMP%\DLG\INITWINDOW\NOCONNECTION.HTML

Autostart registry keys:
  HKLM\Software\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf\update_url: “https://clients2.google.com/service/update2/crx”
  HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kbejacapfbbfcbonimhhmpdbbpjdoplf\update_url: “https://clients2.google.com/service/update2/crx”

Detected by UnHackMe: WHKCKC81KXBNJKX85LK1.EXE
Default location: %TEMP%\DLG\EXE\99F0E44F2BD76AC0515A2606A8FB84AB\WHKCKC81KXBNJKX85LK1.EXE
Dropper hash (md5): e807cc3209446b4f455410a2b1205197
