TScope.Malware-Cryptor.SB


TScope.Malware-Cryptor.SB is also detected under the names TROJ_GEN.R0CBC0UGK14, Trj/CI.A and HW32.CDB.4d6c by other antivirus vendors.

Malware Analysis of TScope.Malware-Cryptor.SB – DMR.EXE

Created files:

%Program Files%\capicom.dll
%Program Files%\dmr.exe
%Program Files%\Sdmr.exe
%SysDir%\capicom.dll

Autostart registry keys (every CLSID InprocServer32 entry below is pointed at the dropped %SysDir%\capicom.dll, so the DLL is loaded whenever one of these COM classes is instantiated; the MyServiceDemos service entry starts Sdmr.exe):

HKLM\Software\Classes\CLSID\{03ACC284-B757-4B8F-9951-86E600D2CD06}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{22A85CE1-F011-4231-B9E4-7E7A0438F71B}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{3605B612-C3CF-4ab4-A426-2D853391DB2E}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{54BA1E8F-818D-407F-949D-BAE1692C5C18}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{550C8FFB-4DC0-4756-828C-862E6D0AE74F}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{60A9863A-11FD-4080-850E-A8E184FC3A3C}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{65104D73-BA60-4160-A95A-4B4782E7AA62}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{78E61E52-0E57-4456-A2F2-517492BCBF8F}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{7BF3AC5C-CC84-429A-ACA5-74D916AD6B8C}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{8C3E4934-9FA4-4693-9253-A29A05F99186}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{91D221C4-0CD4-461C-A728-01D509321556}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{94AFFFCC-6C05-4814-B123-A941105AA77F}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{9E7EA907-5810-4FCA-B817-CD0BBA8496FC}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{A440BD76-CFE1-4D46-AB1F-15F238437A3D}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{CE32ABF6-475D-41F6-BF82-D27F03E3D38B}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{E38FD381-6404-4041-B5E9-B2739258941F}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{F3A12E08-EDE9-4160-8B51-334D982A9AD0}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\Software\Classes\CLSID\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\InprocServer32\: “%SysDir%\capicom.dll”
HKLM\System\CurrentControlSet\Services\MyServiceDemos\ImagePath: “c:\program files\Sdmr.exe”
HKLM\System\CurrentControlSet\Services\MyServiceDemos\DisplayName: “My Service Demos”

Detected by UnHackMe:

DMR.EXE
Default location: %PROGRAM FILES%\DMR.EXE

Dropper hash (MD5): f0622fe34ffd53e5ad33c1a9d1d5b4b4

Written by Malware Hunter.
