AdWare.Goopdate.o


Malware Analysis of AdWare.Goopdate.o – NPDROPBOXUPDATE3.DLL

Created files:

%Program Files%\Dropbox\Update\1.3.35.1\goopdateres_zh-CN.dll
%Program Files%\Dropbox\Update\1.3.35.1\goopdateres_zh-TW.dll
%Program Files%\Dropbox\Update\1.3.35.1\npDropboxUpdate3.dll
%Program Files%\Dropbox\Update\1.3.35.1\psmachine.dll
%Program Files%\Dropbox\Update\1.3.35.1\psuser.dll

Autostart registry keys:


Detected by UnHackMe:

NPDROPBOXUPDATE3.DLL
Default location: %PROGRAM FILES%\DROPBOX\UPDATE\1.3.35.1\NPDROPBOXUPDATE3.DLL

Dropper hash (MD5): 089ed6b341a30a3ae78966eecc9b8295

Written by Malware Hunter.
