Worm.Ridnu.e.(kcloud)


Worm.Ridnu.e.(kcloud) also known as I-Worm.Win32.A.Ridnu.92846, Mal/Sily-A, Generic_r.PW.

Malware Analysis of Worm.Ridnu.e.(kcloud)

Created files:

%Appdata%\Mr_CF\Folder.htt
%Appdata%\Mr_CoolFace.exe
%Appdata%\Mutant.exe
%Appdata%\Sahang.exe
%Appdata%\SMA Negeri 1 Pangkalpinang.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nplpfonx: 65 6B 6B 6E 73 61 73 6D 2E 65 78 65 00 00 00 00 00 00 00 00 0E 00 00 00 6E 70 6C 70 66 6F 6E 78 00 00 00 00 00 00 00 00 00 00 00 00 63 6B 67 6C 74 76 6B 74 00 00 00 00 00 00 00 00 00 00 00 00 77 6D 74 70 7B 6E 61 7C 00 00 00 00 00 00 00 00 00 00 00 00 6B 76 75 63 77 65 75 76 00 00 00 00 00 00 00 (leading NUL-terminated string decodes to "ekknsasm.exe")
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alumni_Smoensa_Pangkalpinang: 4D 72 5F 43 6F 6F 6C 46 61 63 65 00 42 69 6C 6C 69 6E 65 74 20 43 6C 69 65 6E 74 20 4C 6F 67 69 6E 00 00 00 49 72 65 6E 74 69 61 43 6C 69 65 6E 74 00 00 00 49 6E 64 6F 42 69 6C 6C 69 6E 67 43 6C 69 65 6E 74 00 00 00 43 6C 69 65 6E 74 30 31 30 00 00 00 43 6C 69 65 6E 74 30 30 38 00 00 00 50 72 6F (leading NUL-terminated string decodes to "Mr_CoolFace")
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My_Old_Class: 33 49 50 41 32 2E 70 69 66 00 00 00 41 6C 75 6D 6E 69 5F 53 6D 6F 65 6E 73 61 5F 50 61 6E 67 6B 61 6C 70 69 6E 61 6E 67 00 00 00 00 5C 33 49 50 41 32 2E 70 69 66 00 00 55 73 65 72 69 6E 69 74 00 00 00 00 5C 75 73 65 72 69 6E 69 74 2E 65 78 65 2C 20 00 73 68 65 6C 6C 5C 41 75 74 6F 5C 63 6F 6D 6D (leading NUL-terminated string decodes to "3IPA2.pif")
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gkomkm.exe: 43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 20 53 65 74 74 69 6E 67 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 4C 6F 63 61 6C 20 53 65 74 74 69 6E 67 73 5C 67 6B 6F 6D 6B 6D 2E 65 78 65 00 01 00 11 00 00 00 3F 65 12 00 88 00 00 00 65 75 12 00 00 65 3F 7C 40 00 91 7C 79 79 79 79 3D 00 91 (leading NUL-terminated string decodes to "C:\Documents and Settings\Administrator\Local Settings\gkomkm.exe")
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: 65 78 70 6C 6F 72 65 72 2E 65 78 65 20 22 43 3A 5C 65 78 70 6C 6F 72 65 72 2E 65 78 65 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (decodes to explorer.exe "C:\explorer.exe")
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%SysDir%\userinit.exe, C:\explorer.exe"
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: 4D 52 5F 43 4F 4F 7E 31 2E 53 43 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (decodes to "MR_COO~1.SCR")

Detected by UnHackMe:

MUTANT.EXE
Default location: %APPDATA%\MUTANT.EXE

Dropper hash(md5): 0a2f5f3ea71261ea6b56e3033ab8b337

Written by Malware Hunter.

