Win32/DH{JVdO}

Win32/DH{JVdO} is also known as Artemis!D78052F9853C and Trojan.Win32.Generic!BT, and is suspected of being Trojan.Downloader.gen.h.

Malware Analysis of Win32/DH{JVdO}

Created files:

%Desktop%\hottv.lnk
%Local Appdata%\Adobe\AIR\logs\Install.log
%Temp%\hottv_inst.exe
%Common Appdata%\Adobe\AIR\eulaAccepted
%Common Startmenu%\hottv.lnk

Autostart registry keys:

HKLM\Software\Classes\AIR.InstallerPackage\shell\open\command\: "c:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\216301FFEB0372A4CB438E86C385A188\InstallProperties\UninstallString: "MsiExec.exe /I{FF103612-30BE-4A27-BC34-E8683C581A88}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\216301FFEB0372A4CB438E86C385A188\InstallProperties\DisplayName: "?????"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE5293A0E0B5B1041A9847914179742B\InstallProperties\UninstallString: "MsiExec.exe /I{0A3925EA-5B0E-401B-A189-7419149747B2}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE5293A0E0B5B1041A9847914179742B\InstallProperties\DisplayName: "Adobe AIR"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName: "Adobe AIR"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\UninstallString: "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\tvHotTv\DisplayName: "?????"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\tvHotTv\UninstallString: "msiexec /qb /x {FF103612-30BE-4A27-BC34-E8683C581A88}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A3925EA-5B0E-401B-A189-7419149747B2}\UninstallString: "MsiExec.exe /I{0A3925EA-5B0E-401B-A189-7419149747B2}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A3925EA-5B0E-401B-A189-7419149747B2}\DisplayName: "Adobe AIR"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF103612-30BE-4A27-BC34-E8683C581A88}\UninstallString: "MsiExec.exe /I{FF103612-30BE-4A27-BC34-E8683C581A88}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF103612-30BE-4A27-BC34-E8683C581A88}\DisplayName: "?????"

Detected by UnHackMe:

HOTTV_INST.EXE
Default location: %TEMP%\HOTTV_INST.EXE

Dropper hash (MD5): 2f01253a1e8de8d70727977ea34bf161

Written by Malware Hunter.
