Win32.Application.Agent.U003UE

Win32.Application.Agent.U003UE is also known as W32/Mywebsearch.K.gen!Eldorado, Win32:Mindspark-A [PUP], and PE:Malware.RDM.36!5.2A[F1].

Malware Analysis of Win32.Application.Agent.U003UE – DUHTTPCT.DLL

Created files:

%Program Files%\FunPopularGames_du\bar\1.bin\duhighin.exe
%Program Files%\FunPopularGames_du\bar\1.bin\duhtmlmu.dll
%Program Files%\FunPopularGames_du\bar\1.bin\duhttpct.dll
%Program Files%\FunPopularGames_du\bar\1.bin\duidle.dll
%Program Files%\FunPopularGames_du\bar\1.bin\dumedint.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{46092b01-c376-469e-9138-8caeb3faced7}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\dubprtct.dll”
HKLM\Software\Classes\CLSID\{49c42fd3-82ed-41b7-81f7-eb6b165f7d4f}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\dudlghk.dll”
HKLM\Software\Classes\CLSID\{549e70c2-c292-43a2-856c-aaaefb326185}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\dubar.dll”
HKLM\Software\Classes\CLSID\{6093dca9-1256-4dcd-9eb2-e1a741020c49}\InprocServer32\: “C:\PROGRA~1\FUNPOP~1\bar\1.bin\dubar.dll”
HKLM\Software\Classes\CLSID\{66b4c998-d833-48a0-b04c-dcf6da5f5eaf}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\T8HTML.DLL”
HKLM\Software\Classes\CLSID\{6fa7cda1-3741-43fe-b607-55f195044ed3}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duhttpct.dll”
HKLM\Software\Classes\CLSID\{73326584-FF5B-4CB0-B9A1-1E1C34AE8A5A}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duhtmlmu.dll”
HKLM\Software\Classes\CLSID\{82f5f88a-6d01-442e-8247-98d3566fd216}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\dubar.dll”
HKLM\Software\Classes\CLSID\{af5c71b7-c7e6-4d23-95ed-9663ecd572cd}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duskin.dll”
HKLM\Software\Classes\CLSID\{d48edbca-54e0-49bc-aa2a-dbf3872c50e1}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duskin.dll”
HKLM\Software\Classes\CLSID\{df087579-928a-475c-9dd1-59a245ef3a7a}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duskin.dll”
HKLM\Software\Classes\CLSID\{ec8ba98b-dc99-490c-8722-9cec954a4646}\InprocServer32\: “%Program Files%\FunPopularGames_du\bar\1.bin\duSrcAs.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FunPopularGames_dubar Uninstall Internet Explorer\DisplayName: “Fun Popular Games Internet Explorer Toolbar”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FunPopularGames_dubar Uninstall Internet Explorer\UninstallString: “rundll32 “%Program Files%\FunPopularGames_du\bar\1.bin\duBar.dll”,O mindsparktoolbarkey=”FunPopularGames_du” uninstalltype=IE”
HKLM\Software\FunPopularGames_du\bar\UninstallString: “”%Program Files%\FunPopularGames_du\bar\1.bin\duhighin.exe” dubar.dll,O uninstalltype=IE”
HKLM\System\CurrentControlSet\Services\FunPopularGames_duService\ImagePath: “C:\PROGRA~1\FUNPOP~1\bar\1.bin\dubarsvc.exe”
HKLM\System\CurrentControlSet\Services\FunPopularGames_duService\DisplayName: “Fun Popular GamesService”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2e9b071c-876f-46f2-b76c-dee6e42bbf42}\DisplayName: “Ask Web Search”

Detected by UnHackMe:

DUHTTPCT.DLL
Default location: %PROGRAM FILES%\FUNPOPULARGAMES_DU\BAR\1.BIN\DUHTTPCT.DLL

Dropper hash (MD5): fdcd5931c4c490e3ca171d5d305e3886

Written by Malware Hunter.
