Win32/UniBlue.E potentially unwanted


Win32/UniBlue.E potentially unwanted is also known as Trojan/Win32.Diple, Suspicious_GEN.F47V0519, Adware ( 004c21491 ).

Malware Analysis of Win32/UniBlue.E potentially unwanted – PC-MECHANIC.EXE

Created files:

%Program Files%\Uniblue\PC-Mechanic\Microsoft.VC90.CRT\msvcp90.dll
%Program Files%\Uniblue\PC-Mechanic\Microsoft.VC90.CRT\msvcr90.dll
%Program Files%\Uniblue\PC-Mechanic\pc-mechanic.exe
%Program Files%\Uniblue\PC-Mechanic\resources.dat
%Program Files%\Uniblue\PC-Mechanic\Third-party Terms\cefpython.txt

Autostart registry keys:

HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: “%Program Files%\YTDownloader\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: “%Program Files%\YTDownloader\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: “%Program Files%\YTDownloader\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\: “%Common Appdata%\ShopperPro\ShopperPro.dll”
HKLM\Software\Classes\pc-mechanic\shell\open\command\: “”%Program Files%\Uniblue\PC-Mechanic\pc-mechanic.exe” –serial=”%1″”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\YTDownloader: “”%Program Files%\YTDownloader\YTDownloader.exe” /boot”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iWebar\DisplayName: “iWebar”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iWebar\UninstallString: “%Program Files%\iWebar\Uninstall.exe /fcp=1 ”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser\DisplayName: “Object Browser”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser\UninstallString: “%Program Files%\Object Browser\Uninstall.exe /fcp=1 ”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro\DisplayName: “Shopper-Pro”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro\UninstallString: “%Program Files%\ShopperPro\SPremove.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader\DisplayName: “YTDownloader”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader\UninstallString: “%Program Files%\YTDownloader\YTDUninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1\DisplayName: “PC Mechanic”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1\UninstallString: “”%Program Files%\Uniblue\PC-Mechanic\unins000.exe””
HKLM\System\CurrentControlSet\Services\BrsHelper\ImagePath: “C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE”
HKLM\System\CurrentControlSet\Services\sbmntr\ImagePath: “\??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys”
HKLM\System\CurrentControlSet\Services\sbmntr\DisplayName: “SBMNTR”
HKLM\System\CurrentControlSet\Services\SPBIUpd\ImagePath: “%Program Files Common%\ShopperPro\spbiu.exe /service”
HKLM\System\CurrentControlSet\Services\SPBIUpd\DisplayName: “ShopperPro Update”
HKLM\System\CurrentControlSet\Services\SPBIUpdd\ImagePath: “\??\%Program Files Common%\ShopperPro\spbiw.sys”
HKLM\System\CurrentControlSet\Services\SPBIUpdd\DisplayName: “ShopperPro UpdateD”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YTDownloader: “”%Program Files%\YTDownloader\YTDownloader.exe” /boot”

Detected by UnHackMe:

PC-MECHANIC.EXE
Default location: %PROGRAM FILES%\UNIBLUE\PC-MECHANIC\PC-MECHANIC.EXE

Dropper hash (MD5): 6dd8c09c164d8870c4af737da9d1097f

Written by Malware Hunter.
