Win32/FusionCore.D potentially unwanted


Win32/FusionCore.D (potentially unwanted) is also known as NSIS:Relevant-G [PUP].

Malware Analysis of Win32/FusionCore.D potentially unwanted – FREEWIFIHOTSPOT [1].EXE

Created files:

%Temp%\is-2ILQK.tmp\OCSetupHlp.dll
%Temp%\is-2ILQK.tmp\rkverify.exe
%Personal%\Downloads\FreeWiFiHotspot [1].exe
%Programs%\StormFall\StormFall.lnk
%Startmenu%\Free WiFi Hotspot.lnk

Autostart registry keys:


Detected by UnHackMe:

FREEWIFIHOTSPOT [1].EXE
Default location: %PERSONAL%\DOWNLOADS\FREEWIFIHOTSPOT [1].EXE

Dropper hash (MD5): 56ace6091c2cd98d4af2052092f031a1

Written by Malware Hunter.
