Trojan.Buzus!tQxAEIAE2IA

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!


Trojan.Buzus!tQxAEIAE2IA is also known as Suspicious_Gen2.HEOIN.

Malware Analysis of Trojan.Buzus!tQxAEIAE2IA – WBRPDW.EXE

Created files:

%Temp%\irsetup.exe
%Temp%\~DF5D75.tmp
%Program Files Common%\Temp\wbrpdw.exe

Autostart registry keys:


Detected by UnHackMe:

WBRPDW.EXE
Default location: %PROGRAM FILES COMMON%\TEMP\WBRPDW.EXE

Dropper hash (MD5): 20b965afcba2e676a52ec77e389cd5e7

Written by Malware Hunter.

UnHackMe removes malware that is invisible to your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10. UnHackMe uses a minimum of computer resources.
