a variant of Win64/SBWatchman.B potentially unwanted


a variant of Win64/SBWatchman.B potentially unwanted, also known as Adware (004c58f51), Artemis.

Malware Analysis of a variant of Win64/SBWatchman.B potentially unwanted – SBW.EXE

Created files:

%Temp%\Stub\-1876952142\dm_dap10.log
%Temp%\Stub\-1876952142\magnet.xml
%Temp%\Stub\-1876952142\sbw.exe
%Temp%\Stub\nsr2.tmp
%Temp%\vcredist_x86.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{2789EE13-0D17-5199-7B7F-7111F27E40E0}\InprocServer32\: "%SysDir%\MFC42u.DLL"
HKLM\Software\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32\: "%Program Files%\DAP\dapie.dll"
HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: "%SysDir%\AniGIF.ocx"
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: "%SysDir%\AniGIF.ocx"
HKLM\Software\Classes\CLSID\{79D343F3-E4CE-40DF-8FD8-7D9349A1FAB1}\InprocServer32\: "%Program Files%\DAP\dexthlp.dll"
HKLM\Software\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32\: "%Program Files%\DAP\dapie.dll"
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: "%SysDir%\AniGIF.ocx"
HKLM\Software\Classes\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}\InprocServer32\: "%Program Files%\DAP\LinkVerifier.dll"
HKLM\Software\Classes\daffile\shell\open\command\: "%Program Files%\DAP\DAP.EXE DAF:"%l""
HKLM\Software\Classes\dalfile\shell\open\command\: "%Program Files%\DAP\DAP.EXE DAL:"%l""
HKLM\Software\Classes\dasfile\shell\open\command\: "%Program Files%\DAP\DAP.EXE DAS:"%l""
HKLM\Software\Classes\dzsfile\shell\open\command\: "%Program Files%\DAP\DAP.EXE DZS:"%l""
HKLM\Software\Classes\vslfile\shell\open\command\: "%Program Files%\DAP\DAP.EXE VSL:"%l""
HKLM\Software\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\Path: "%Program Files%\DAP\DAPChrome\DAPChrome6.crx"
HKLM\Software\Google\Chrome\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\Version: "2.1.0.1"
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\DisplayName: "Speedbit Search"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F9E66FF7E38E3A3FA41D89E8A906A4A\InstallProperties\UninstallString: "MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F9E66FF7E38E3A3FA41D89E8A906A4A\InstallProperties\DisplayName: "Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus (DAP)\DisplayName: "Download Accelerator Plus (DAP)"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus (DAP)\UninstallString: "C:\PROGRA~1\DAP\DAPREMOVE.EXE"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}\UninstallString: "MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}\DisplayName: "Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"
HKLM\System\CurrentControlSet\Services\SBUpd\ImagePath: "%Program Files Common%\SpeedBit\SBUpdate\sbu.exe /service"
HKLM\System\CurrentControlSet\Services\SBUpd\DisplayName: "SpeedBit Update"
HKLM\System\CurrentControlSet\Services\SBUpdd\ImagePath: "\??\%Program Files Common%\SpeedBit\SBUpdate\sbw.sys"
HKLM\System\CurrentControlSet\Services\SBUpdd\DisplayName: "SpeedBit UpdateD"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\DisplayName: "Speedbit Search"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DownloadAccelerator: ""%Program Files%\DAP\DAP.EXE" /STARTUP"
HKCU\Software\SpeedBit\SBUpdate\Install\dap\DisplayName: "Speedbit Search"

Detected by UnHackMe:

SBW.EXE
Default location: %TEMP%\STUB\-1876952142\SBW.EXE

Dropper hash (MD5): 0bea8ec9aada898dca33d78d77586c1a

Written by Malware Hunter.
