Suspicious_GEN.F47V1103


Suspicious_GEN.F47V1103 is also known as W32/Dropper.gen8!Maximus.

Malware Analysis of Suspicious_GEN.F47V1103 – BDKVRECOMM.DLL

Created files:

%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVDownloadProtect_x64.dll
%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVMainFrame.dll
%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVRecomm.dll
%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVWsc.exe
%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDLogicUtils.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDShellExt.dll"
HKLM\Software\Classes\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32\: "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDShellExt.dll"
HKLM\Software\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\2.1.0.3086\websafe\WebMonBHO.dll"
HKLM\Software\Classes\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32\: "%Program Files Common%\Baidu\BDDownload\108\bdcomproxy.dll"
HKLM\Software\Classes\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\2.1.0.3086\BDKVDeskBand.dll"
HKLM\Software\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32\: ""%Program Files Common%\Baidu\BDDownload\108\bddownloader.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1FA18F7974E099CDFFF18C3B9B1A1EE8\InstallProperties\UninstallString: "MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1FA18F7974E099CDFFF18C3B9B1A1EE8\InstallProperties\DisplayName: "Visual C++ 8.0 ATL (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA42BC89BF25F5BDFFF18C3B9B1A1EE8\InstallProperties\UninstallString: "MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA42BC89BF25F5BDFFF18C3B9B1A1EE8\InstallProperties\DisplayName: "Visual C++ 8.0 CRT (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BaiduSdTray: ""%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdTray.exe" -stmd=3"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}\UninstallString: "MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}\DisplayName: "Visual C++ 8.0 ATL (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}\UninstallString: "MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}\DisplayName: "Visual C++ 8.0 CRT (x86) WinSXS MSM"
HKLM\System\CurrentControlSet\Services\BaiduHips\ImagePath: ""%Program Files Common%\Baidu\BaiduHips\1.0.0.667\BaiduHips.exe""
HKLM\System\CurrentControlSet\Services\BaiduHips\DisplayName: "BaiduHips"
HKLM\System\CurrentControlSet\Services\bd0001\ImagePath: "system32\DRIVERS\bd0001.sys"
HKLM\System\CurrentControlSet\Services\bd0001\DisplayName: "bd0001"
HKLM\System\CurrentControlSet\Services\bd0002\ImagePath: "system32\DRIVERS\bd0002.sys"
HKLM\System\CurrentControlSet\Services\bd0002\DisplayName: "bd0002"
HKLM\System\CurrentControlSet\Services\bd0003\ImagePath: "system32\DRIVERS\bd0003.sys"
HKLM\System\CurrentControlSet\Services\bd0003\DisplayName: "bd0003"
HKLM\System\CurrentControlSet\Services\BDArKit\ImagePath: "system32\DRIVERS\BDArKit.sys"
HKLM\System\CurrentControlSet\Services\BDArKit\DisplayName: "BDArKit"
HKLM\System\CurrentControlSet\Services\BDKVRTP\ImagePath: ""%Program Files%\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe" -r"
HKLM\System\CurrentControlSet\Services\BDKVRTP\DisplayName: "BDKVRTP Service"
HKLM\System\CurrentControlSet\Services\BDMWrench\DisplayName: "BDMWrench"
HKLM\System\CurrentControlSet\Services\BDMWrench\ImagePath: "system32\DRIVERS\BDMWrench.sys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcket_x86: "%Program Files% (x86)\BaiduEx\uninit.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcket_x64: "%Program Files%\BaiduEx\uninit.exe"

Detected by UnHackMe:

BDKVRECOMM.DLL
Default location: %PROGRAM FILES%\BAIDU\BAIDUSD\2.1.0.3086\BDKVRECOMM.DLL

Dropper hash(md5): 564bf6e1e4b3773bb3cfdad1a42d5eed

Written by Malware Hunter.
