Artemis!C9293FE33533


Artemis!C9293FE33533 is also known as Adware.Softcnapp.1050144.B[h], Adware ( 004dd5ca1 ), and Trojan.Win32.Generic!BT.

Malware Analysis of Artemis!C9293FE33533 – SCMUTUAL.EXE

Created files:

%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:


Detected by UnHackMe:

SCMUTUAL.EXE
Default location: %PROGRAM FILES%\SMARTCLOUDINPUT\1.0.6.1224\SCMUTUAL.EXE

Dropper hash (MD5): 126c09e756318937d71cc6acf3d3abd1

Written by Malware Hunter.
