HEUR/QVM30.1.0000.Malware.Gen


HEUR/QVM30.1.0000.Malware.Gen is also known as Gen:Variant.Razy.9248, a variant of Win32/Adware.Weiduan.G.

Malware Analysis of HEUR/QVM30.1.0000.Malware.Gen – TUBA.DLL

Created files:

%Temp%\~xc2.tmp.0\res\zx-loading.gif
%Temp%\~xc2.tmp.0\tu8.exe
%Temp%\~xc2.tmp.0\tuba.dll
%Temp%\~xc2.tmp.0\tuPlugin.exe
%Temp%\~xc2.tmp.0\Uninstall.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{7156E89C-1665-4067-9A11-B504DAAA282F}\InprocServer32\: “%Common Appdata%\SBJJO\ZxShellExt.dll”
HKLM\Software\Classes\CLSID\{8394048D-E37A-43AD-9783-61D92FC357C9}\InProcServer32\: “%Common Appdata%\SBJJO\npZxSSO.dll”
HKLM\Software\Classes\CLSID\{ED4DD5B5-7ED1-4D09-8F1A-C2FCAD54BD28}\InProcServer32\: “%Common Appdata%\SBJJO\ZxShellExt.dll”
HKLM\Software\Classes\CLSID\{F0622A6B-7BBA-4D93-99F4-7EED5D63AB1D}\InprocServer32\: “%Common Appdata%\SBJJO\npZxSSO.dll”
HKLM\Software\Classes\2.0.0.0.t8ver\shell\open\command\: ""%Common Appdata%\SBJJO\sbjjo.exe" "%1 %2""
HKLM\Software\Classes\tu8\shell\open\command\: ""%Common Appdata%\SBJJO\sbjjo.exe" "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Zgvk: ""%Common Appdata%\SBJJO\sbjjo.exe" /start"

Detected by UnHackMe:

TUBA.DLL
Default location: %TEMP%\~XC2.TMP.0\TUBA.DLL

Dropper hash (MD5): cf9986e240285f0bef14e0e85703fd66

Written by Malware Hunter.
