virus.win32.ramnit.i


virus.win32.ramnit.i is also known as PUP-FJE, Application.AdPack (A), Malware.Generic!xYfFQCDajYN@5 (thunder).

Malware Analysis of virus.win32.ramnit.i – ZDENGINE.DLL

Created files:

%Program Files%\OtherSearch\uninstall.exe
%Program Files%\OtherSearch\updengine.exe
%Program Files%\OtherSearch\zdengine.dll
%Program Files%\OtherSearch\zdengine.exe
%Program Files%\OtherSearch\zdengine.tlb

Autostart registry keys:

HKLM\Software\Classes\CLSID\{176F706B-5175-479C-A3DF-32420F6FB01A}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{53C267B2-B01D-410F-A4DD-A32962EE55F4}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{8804A543-42D3-4D71-9685-B0243D5526F3}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{A0F322D5-6A13-4CAB-84CF-FABB5690618E}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{AC3E336C-B524-47F0-9AA2-5F67AA056086}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Classes\CLSID\{F577A1BA-D82D-4BB2-8430-B767285D081D}\LocalServer32\: “”%Program Files%\OtherSearch\zdengine.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OtherSearch\DisplayName: “OtherSearch”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OtherSearch\UninstallString: “%Program Files%\OtherSearch\uninstall.exe”
HKLM\System\CurrentControlSet\services\zdengine\ImagePath: “%Program Files%\OtherSearch\zdengine.exe”
HKLM\System\CurrentControlSet\services\zdengine\DisplayName: “zdengine”

Detected by UnHackMe:

ZDENGINE.DLL
Default location: %PROGRAM FILES%\OTHERSEARCH\ZDENGINE.DLL

Dropper hash (MD5): d4cee618d0bf40a5f66922354cbe75f3


Written by Malware Hunter.
