not-a-virus:RiskTool.Win32.SystemCare.z

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!


not-a-virus:RiskTool.Win32.SystemCare.z is also known as Pakes2_c.CJTN, PUA.Adposhel and Trojan.Razy.DF0F0. The "not-a-virus:" prefix is Kaspersky's marker for riskware and potentially unwanted software: the sample is a bundle installer that drops several PUA components rather than a self-propagating infection, which is why vendor names for it range from PUA to Trojan.

Malware Analysis of not-a-virus:RiskTool.Win32.SystemCare.z – THSETUP.EXE

Created files:

%TEMP%\INSTALL_TMP2\CONVERTER.EXE
%TEMP%\INSTALL_TMP3\S2S_INSTALL.EXE
%TEMP%\INSTALL_TMP4\THSETUP.EXE
%TEMP%\INSTALL_TMP5\K9PCP_41830.EXE
%TEMP%\INSTALL_TMP5\SYSTEMHEALER.EXE

Registry keys written by the installer. Only the services, the kernel driver and the HKCU Run value are genuine autostart points; the CLSID entries are COM server registrations and the Uninstall entries are Add/Remove Programs inventory, listed because they identify the bundled components. Values are shown in quotes; a doubled quote means the stored string is itself quoted.

Services and drivers (autostart). The driver installed under a hash-like file name with the display name "disqbus" is the most significant item here, since it runs in kernel mode:

HKLM\System\CurrentControlSet\services\3279c5bf552a7b0d6dd7e706e51f71bb\ImagePath: ""%Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\87cf1028ea29c6e0d1f4286541ae4c54.exe""
HKLM\System\CurrentControlSet\services\3279c5bf552a7b0d6dd7e706e51f71bb\DisplayName: "3279c5bf552a7b0d6dd7e706e51f71bb"
HKLM\System\CurrentControlSet\services\454df867cd9bfa5d0610d2291d88ea26\ImagePath: "\??\%SYSDIR%\drivers\454df867cd9bfa5d0610d2291d88ea26.sys"
HKLM\System\CurrentControlSet\services\454df867cd9bfa5d0610d2291d88ea26\DisplayName: "disqbus"
HKLM\System\CurrentControlSet\services\LavasoftTcpService\ImagePath: "%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
HKLM\System\CurrentControlSet\services\LavasoftTcpService\DisplayName: "LavasoftTcpService"
HKLM\System\CurrentControlSet\services\WCAssistantService\ImagePath: "%Program Files%\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
HKLM\System\CurrentControlSet\services\WCAssistantService\DisplayName: "WC Assistant"

Per-user Run key (autostart):

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\INTERSTATNOGUI: "%APPDATA%\INTERSTATNOGUI\INTERSTATNOGUI.EXE"

COM LocalServer32 registrations (all eight point at the same LavasoftTcpService.exe):

HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""

Uninstall entries (inventory of the bundled components, not persistence):

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\3279c5bf552a7b0d6dd7e706e51f71bb\DisplayName: "Social2Search"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\3279c5bf552a7b0d6dd7e706e51f71bb\UninstallString: "%WINDIR%\20451995dfa37cbef8c6500a099c09fa.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1\DisplayName: "K9-PC Protector"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1\UninstallString: ""%Program Files%\K9-PC Protector\unins000.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer\DisplayName: "System Healer"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer\UninstallString: "%Program Files%\SystemHealer\Uninstaller.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\TechAgent\DisplayName: "TechAgent"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\TechAgent\UninstallString: "%Program Files%\TechAgent\Uninstaller.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5757ec3c-9b4e-4e08-849e-c9fcd17f2d15}\DisplayName: "Web Companion"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5757ec3c-9b4e-4e08-849e-c9fcd17f2d15}\UninstallString: "%Program Files%\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B023AAEF-C0D5-4949-95CE-86AF1603AD1F}_is1\DisplayName: "Youtube Video/Music Downloader 8.6"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B023AAEF-C0D5-4949-95CE-86AF1603AD1F}_is1\UninstallString: ""%LOCAL APPDATA%\YOUTUBEDOWNLOADERGURU\UNINS000.EXE""

Detected by UnHackMe:

THSETUP.EXE
DEFAULT LOCATION: %TEMP%\INSTALL_TMP4\THSETUP.EXE

Dropper hash(md5): 11ebc0737371af9e25dcbbf970bafe2b
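A host-triage script built from the indicators above, added here as an example and not part of the original analysis. It assumes the sandbox placeholders %Program Files% and %SYSDIR% correspond to the live machine's Program Files roots and System32, that file names match case-insensitively (the NTFS default), and that the hash-like key and file names are exactly those listed. Run it in an elevated PowerShell session on the suspected host; it reports every listed indicator that is present and flags any file whose MD5 equals the dropper hash.

```powershell
# Added triage example (not from the original page). Hunts the files, services,
# Run value, COM registrations and Uninstall entries listed above and hashes any
# binary they point at. Read-only: nothing is removed.
#Requires -Version 5.1
$ErrorActionPreference = 'SilentlyContinue'
$DropperMd5 = '11ebc0737371af9e25dcbbf970bafe2b'   # MD5 of THSETUP.EXE from the page
$findings   = [System.Collections.Generic.List[string]]::new()

function Resolve-ImagePath([string]$raw) {
    # Turn a raw ImagePath/Run value into a file path: strip the NT object prefix
    # drivers use, unquote, drop trailing arguments, expand %VAR% and \SystemRoot.
    if (-not $raw) { return $null }
    $s = $raw -replace '^\\\?\?\\', ''
    $s = $s -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $s = if ($s.StartsWith('"')) { $s.Split('"')[1] } else { ($s -split ' -')[0] }
    $s = [Environment]::ExpandEnvironmentVariables($s.Trim())
    if ($s -match '^system32\\') { $s = Join-Path $env:SystemRoot $s }   # relative driver path
    return $s
}

function Add-FileFinding([string]$label, [string]$path) {
    # Record an existing file with its MD5; mark it if it is the known dropper.
    if ($path -and (Test-Path -LiteralPath $path)) {
        $md5  = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
        $flag = if ($md5 -eq $DropperMd5) { 'MATCHES DROPPER MD5' } else { "md5=$md5" }
        $findings.Add("$label : $path ($flag)")
    }
}

# 1. Dropped installers in %TEMP% ("Created files" above)
foreach ($rel in 'INSTALL_TMP2\CONVERTER.EXE', 'INSTALL_TMP3\S2S_INSTALL.EXE',
                 'INSTALL_TMP4\THSETUP.EXE', 'INSTALL_TMP5\K9PCP_41830.EXE',
                 'INSTALL_TMP5\SYSTEMHEALER.EXE') {
    Add-FileFinding 'dropped file' (Join-Path $env:TEMP $rel)
}

# 2. Services and the kernel driver (the real autostart persistence)
foreach ($svc in '3279c5bf552a7b0d6dd7e706e51f71bb', '454df867cd9bfa5d0610d2291d88ea26',
                 'LavasoftTcpService', 'WCAssistantService') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $img = (Get-ItemProperty -Path $key).ImagePath
        $findings.Add("service $svc : ImagePath=$img")
        Add-FileFinding "service $svc binary" (Resolve-ImagePath $img)
    }
}

# 3. Per-user Run key (autostart for the current user only; repeat per profile if needed)
$run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if ($run.INTERSTATNOGUI) {
    $findings.Add("Run value INTERSTATNOGUI : $($run.INTERSTATNOGUI)")
    Add-FileFinding 'Run value binary' (Resolve-ImagePath $run.INTERSTATNOGUI)
}

# 4. COM LocalServer32 registrations that the page shows pointing at LavasoftTcpService.exe
$clsids = '{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}', '{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}',
          '{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}', '{472EF1D2-4AAE-470D-AE85-6AF8177916FD}',
          '{8F010D54-C023-457F-AF03-497EACB6D519}', '{9A754403-27B1-4ED7-96D7-588F07888EBF}',
          '{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}', '{FCAA532B-E807-4027-940C-BA16B9D50105}'
foreach ($c in $clsids) {
    $key = "HKLM:\SOFTWARE\Classes\CLSID\$c\LocalServer32"
    if (Test-Path $key) {
        $server = (Get-ItemProperty -Path $key).'(default)'
        $findings.Add("COM server $c : $server")
        Add-FileFinding "COM server $c binary" (Resolve-ImagePath $server)
    }
}

# 5. Uninstall entries: inventory of the bundle, checked in both 64- and 32-bit views
$names = 'Social2Search', 'K9-PC Protector', 'System Healer', 'TechAgent',
         'Web Companion', 'Youtube Video/Music Downloader 8.6'
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Where-Object { $names -contains $_.DisplayName } |
    ForEach-Object { $findings.Add("uninstall entry '$($_.DisplayName)' : $($_.UninstallString)") }

if ($findings.Count) { $findings | Sort-Object -Unique } else { 'No listed indicators found.' }
```

The script only reads the registry and hashes files, so it is safe to run before deciding on removal; the hash check matters because the Lavasoft Web Companion paths also belong to a legitimately distributed product, and a file hit on those paths alone is not proof that this bundle installed it. Treat a present driver service or Run value as the strongest signal, and collect the referenced binaries before any cleanup so they can be submitted for analysis.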

Written by Malware Hunter.
