not-a-virus:RiskTool.Catalina


not-a-virus:RiskTool.Catalina also known as not-a-virus:RiskTool.Win32.Catalina.ajx, Application.InstallShare (A), Adware.Downware.17750.

Malware Analysis of not-a-virus:RiskTool.Catalina – CATALINACRASHHANDLER.EXE

Created files:

%LOCAL APPDATA%\CATALINAGROUP\CITRIO\USER DATA\SAFE BROWSING COOKIES
%LOCAL APPDATA%\CATALINAGROUP\CITRIO\USER DATA\SAFE BROWSING COOKIES-JOURNAL
%LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE
%LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATE.EXE
%LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATEBROKER.EXE

Autostart registry keys:

HKLM\SOFTWARE\CLASSES\CITRIODOC.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE" -- "%1""
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CITRIO.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE""
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CATALINAGROUP UPDATE: ""%LOCAL APPDATA%\CATALINAGROUP\UPDATE\CATALINAUPDATE.EXE" /C"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio\DisplayName: "Citrio"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CITRIO\UNINSTALLSTRING: ""%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\50.0.2661.274\INSTALLER\SETUP.EXE" --UNINSTALL"
HKCU\SOFTWARE\CATALINAGROUP\UPDATE\CLIENTSTATE\{92F8A219-E740-49D5-B785-B962AD819724}\UNINSTALLSTRING: "%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\50.0.2661.274\INSTALLER\SETUP.EXE"

Detected by UnHackMe:

CATALINACRASHHANDLER.EXE
DEFAULT LOCATION: %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE

Dropper hash(md5): 3d7f71cb62e667f74b0a8b5d9e23dc05

Written by Malware Hunter.
