PUA.Win32.MyWebSearch.MiIN

PUA.Win32.MyWebSearch.MiIN is also known as MyWebSearch.J (v), W32/Mywebsearch.K.gen!Eldorado, PUA.Toolbar.MyWebSearch!.

Malware Analysis of PUA.Win32.MyWebSearch.MiIN – CREXTPDQ.EXE

Created files:

%Program Files%\DownSpeedTest_dq\bar\1.bin\BOOTSTRAP.JS
%Program Files%\DownSpeedTest_dq\bar\1.bin\CREXT.DLL
%Program Files%\DownSpeedTest_dq\bar\1.bin\CrExtPdq.exe
%Program Files%\DownSpeedTest_dq\bar\1.bin\DPNMNGR.DLL
%Program Files%\DownSpeedTest_dq\bar\1.bin\dqbar.dll

Autostart registry keys:


Detected by UnHackMe:

CREXTPDQ.EXE
Default location: %PROGRAM FILES%\DOWNSPEEDTEST_DQ\BAR\1.BIN\CREXTPDQ.EXE

Dropper hash(md5): 1b7cec203bde6cd38f1bd7571db82b13

Written by Malware Hunter.
