Artemis!A76F1AA166EC


Artemis!A76F1AA166EC is also known as Riskware ( 0040eff71 ), Trojan/Win32.TSGeneric and W32.Clod9b3.Trojan.8c47.

Malware Analysis of Artemis!A76F1AA166EC – UUC0789.EXE

Created files:

%Program Files%\UCBrowser\Application\Uninstall.exe
%Program Files%\UCBrowser\Application\update_task.exe
%Program Files%\UCBrowser\Application\UUC0789.exe
%Program Files%\UCBrowser\Application\VERSION
%Program Files%\UCBrowser\Application\wow_helper.exe

Autostart registry keys:

HKLM\Software\Classes\UCHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Clients\StartMenuInternet\UCBrowser\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe""
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\: "UC???"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath: ""%Program Files%\UCBrowser\Application\5.6.14087.7\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name: "UC???"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled: 0x00000001
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version: "43,0,0,0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\apphide: "%Program Files%\badu\uc.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser\DisplayName: "UC???"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser\UninstallString: ""%Program Files%\UCBrowser\Application\Uninstall.exe" --uninstall --system-level"
HKLM\Software\UCBrowser\UninstallString: "%Program Files%\UCBrowser\Application\Uninstall.exe"

Detected by UnHackMe:

UUC0789.EXE
Default location: %PROGRAM FILES%\UCBROWSER\APPLICATION\UUC0789.EXE

Dropper hash (MD5): 17d04ab16c0ecb16a54bafa58bb91077

Written by Malware Hunter.
