Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware. UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!
RiskWare[RiskTool:not-a-virus]/Win32.Hidap is also known as: a variant of Win32/HideBaid.L potentially unwanted, Trj/CI.A, Win32:Malware-gen.
Malware Analysis of RiskWare[RiskTool:not-a-virus]/Win32.Hidap – UC.EXE
Created files:
%Program Files%\badu\badu.ini
%Program Files%\badu\Bind.exe
%Program Files%\badu\uc.exe
%Program Files%\badu\unins000.dat
%Program Files%\badu\unins000.exe
Autostart registry keys:
HKLM\Software\Classes\UCHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe" -- "%1""
HKLM\Software\Clients\StartMenuInternet\UCBrowser\shell\open\command\: ""%Program Files%\UCBrowser\Application\UCBrowser.exe""
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\: "UC???"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath: ""%Program Files%\UCBrowser\Application\5.6.14087.7\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name: "UC???"
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled: 0x00000001
HKLM\Software\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version: "43,0,0,0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\apphide: "%Program Files%\badu\uc.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser\DisplayName: "UC???"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser\UninstallString: ""%Program Files%\UCBrowser\Application\Uninstall.exe" --uninstall --system-level"
HKLM\Software\UCBrowser\UninstallString: "%Program Files%\UCBrowser\Application\Uninstall.exe"
Detected by UnHackMe:
UC.EXE
Default location: %PROGRAM FILES%\BADU\UC.EXE
Dropper hash (MD5): 17d04ab16c0ecb16a54bafa58bb91077
UnHackMe removes malware invisible to your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses a minimum of computer resources.