a variant of Win32/Toolbar.Visicom.A potentially unwanted


a variant of Win32/Toolbar.Visicom.A potentially unwanted is also known as Trojan.Win32.Generic!BT, Riskware.Nsis.Agent.dzpeuh, PUA.Toolbar.Agent!.

Malware Analysis of a variant of Win32/Toolbar.Visicom.A potentially unwanted – PANDASECURITYTB.EXE

Created files:

%Program Files%\Panda Security\Panda Security Protection\SystemRule.PRL
%Program Files%\Panda Security\Panda Security Protection\TMS_Component_Pack_Quick_Start_license.txt
%Program Files%\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
%Program Files%\Panda Security\Panda Security Protection\UpgradeDialog.exe
%Program Files%\Panda Security\Panda Security Protection\USBVacineDLL.dll

Autostart registry keys:


Detected by UnHackMe:

PANDASECURITYTB.EXE
Default location: %PROGRAM FILES%\PANDA SECURITY\PANDA SECURITY PROTECTION\TOOLS\PANDASECURITYTB.EXE

Dropper hash(md5): 2ddcc9d886353f09ab252f2f9da8fc01

Written by Malware Hunter.
