Malware/Win32.Trojan Horse.N366255


Malware/Win32.Trojan Horse.N366255 also known as Trojan.Win32.Agent.gen, BehavesLike.Win32.Injector.ch, TR/Agent.131072.19.

Malware Analysis of Malware/Win32.Trojan Horse.N366255 – IEXTDRVTOOLS.EXE

Created files:

%Program Files%\Ultima\ArtecMedia\FileWriter.ax
%Program Files%\Ultima\ArtecMedia\gdiplus.dll
%Program Files%\Ultima\ArtecMedia\iExtDrvTools.exe
%Program Files%\Ultima\ArtecMedia\ImageProc.dll
%Program Files%\Ultima\ArtecMedia\IrModule.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{0CA1283F-F104-4676-B416-D171721E8F30}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\SimpleDemux.ax”
HKLM\Software\Classes\CLSID\{1712505E-F1BB-4AB8-BC47-AAB6EA3838BE}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\PsiAnalyzer.ax”
HKLM\Software\Classes\CLSID\{20E5BB0E-1F0E-40AD-9C16-0B438EB270A4}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\TimeShift.ax”
HKLM\Software\Classes\CLSID\{33C31369-491C-4BAA-900B-3186A156F6F4}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\PsiAnalyzer.ax”
HKLM\SOFTWARE\CLASSES\CLSID\{3B58A3DF-9055-49A7-9ED0-455BA7E46525}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\ARTECA~1.OCX”
HKLM\Software\Classes\CLSID\{4C3B7798-3F10-489D-BBD7-55783EC19887}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mlcom.ax”
HKLM\SOFTWARE\CLASSES\CLSID\{4E528815-6F66-4851-AC18-FDE6DDC10E9C}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\SCANPR~1.OCX”
HKLM\Software\Classes\CLSID\{4E8B54EC-1E2E-4D90-B420-3EB62137F96E}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\TimeShift.ax”
HKLM\Software\Classes\CLSID\{5EE6ABB7-3326-41BA-A284-150C0B1AE10B}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\SimpleDemux.ax”
HKLM\SOFTWARE\CLASSES\CLSID\{60D3955D-7DE9-4E8A-80BF-468797C16F80}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\ATSCVI~1.OCX”
HKLM\SOFTWARE\CLASSES\CLSID\{619476E5-ABE3-41E9-ABBE-242D7033CED9}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\ATSCVI~1.OCX”
HKLM\SOFTWARE\CLASSES\CLSID\{693CE19C-CB08-4575-AAE9-24A3FF2583E7}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\SCANPR~1.OCX”
HKLM\Software\Classes\CLSID\{6AEA6041-E8B0-459C-853F-47B1FBC7FBF2}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\NullFilter.ax”
HKLM\Software\Classes\CLSID\{6B4272E8-51E4-499A-8F62-BC1E6836DEE5}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\TSFileSource.ax”
HKLM\Software\Classes\CLSID\{83E98B11-105A-439C-81F5-EF9C3E9F1A04}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\SnapshotFilter.ax”
HKLM\Software\Classes\CLSID\{A6C7219B-8E21-4A6B-A5ED-A1EE48562030}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\FileWriter.ax”
HKLM\SOFTWARE\CLASSES\CLSID\{AFB0A73F-C726-43BF-96A1-88BC27E0B285}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\ULTIMA\ARTECM~1\ARTECA~1.OCX”
HKLM\Software\Classes\CLSID\{B51800F8-2199-4587-8C9E-A2D40917E59A}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\SnapshotFilter.ax”
HKLM\Software\Classes\CLSID\{BEAC1EC7-56C8-4711-805D-562F93D2D5B9}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\StreamMonitor.ax”
HKLM\Software\Classes\CLSID\{CAAD6EBB-7E67-4EA9-B96E-A249A0A1710B}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\FileWriter.ax”
HKLM\Software\Classes\CLSID\{CB9C435E-831B-47F3-9CB8-4A657630AE0E}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\CCDecoder.ax”
HKLM\Software\Classes\CLSID\{cd077e14-4b1c-4b0e-8e6f-271ad5dac51d}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\VideoDec.ax”
HKLM\Software\Classes\CLSID\{CFB8BF3B-3C96-4230-BB96-19741411061B}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\CCDecoder.ax”
HKLM\Software\Classes\CLSID\{DFF37066-0E9E-4DA0-82E0-5A2DBC72685D}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\StreamMonitor.ax”
HKLM\Software\Classes\CLSID\{E32C3B01-C81B-4D01-8AD4-2B93F7FA544C}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mlcom.ax”
HKLM\Software\Classes\CLSID\{E32C3B01-C81B-4D01-8AD4-2B93F7FA544E}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mlcom.ax”
HKLM\Software\Classes\CLSID\{EAA44EDC-8F35-467E-908A-F2B81EEC7D69}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\TSFileSource.ax”
HKLM\Software\Classes\CLSID\{F1F137C5-1422-4D22-AE73-CB3166CC654D}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\AudioDec.ax”
HKLM\Software\Classes\CLSID\{F4651C48-3126-430B-A4D2-6BD8A78BC392}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\PsiAnalyzer.ax”
HKLM\Software\Classes\CLSID\{F50B3F13-19C4-11CF-AA9A-02608C9BABA2}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mpgdec.ax”
HKLM\Software\Classes\CLSID\{F50B3F14-19C4-11CF-AA9A-02608C9BABA2}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mpgdec.ax”
HKLM\Software\Classes\CLSID\{F50B3F15-19C4-11CF-AA9A-02608C9BABA2}\InprocServer32\: “%Program Files%\Ultima\ArtecMedia\mpgdec.ax”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E2C468ACD1D7844289AB689F8034AB2\InstallProperties\UninstallString: “MsiExec.exe /I{A864C2E4-D1DC-4487-82A9-6B988F30A42B}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E2C468ACD1D7844289AB689F8034AB2\InstallProperties\DisplayName: “ArtecMedia ATSC Digital TV Player 2.0.2.0”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A864C2E4-D1DC-4487-82A9-6B988F30A42B}\UninstallString: “MsiExec.exe /I{A864C2E4-D1DC-4487-82A9-6B988F30A42B}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A864C2E4-D1DC-4487-82A9-6B988F30A42B}\DisplayName: “ArtecMedia ATSC Digital TV Player 2.0.2.0”
HKLM\System\CurrentControlSet\services\Ultima T14 Driver Monitor\ImagePath: “”%Program Files%\Ultima\ArtecMedia\iExtDrvTools.exe””
HKLM\System\CurrentControlSet\services\Ultima T14 Driver Monitor\DisplayName: “Ultima T14 Driver Monitor”

Detected by UnHackMe:

IEXTDRVTOOLS.EXE
Default location: %PROGRAM FILES%\ULTIMA\ARTECMEDIA\IEXTDRVTOOLS.EXE

Dropper hash(md5): 172c44ff17b709a9456a3e21fff29497

Written by Malware Hunter.
