W64.HfsAdware.FBD8


Malware Analysis of W64.HfsAdware.FBD8 – BD0002.DLL

Created files:

%Program Files Common%\Baidu\BaiduHips\1.2.0.751\BaiduPrevUIn.dll
%Program Files Common%\Baidu\BaiduHips\1.2.0.751\bd0001.dll
%Program Files Common%\Baidu\BaiduHips\1.2.0.751\bd0002.dll
%Program Files Common%\Baidu\BaiduHips\1.2.0.751\BDConfig.dll
%Program Files Common%\Baidu\BaiduHips\1.2.0.751\BDDriverFixer.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\3.0.0.4605\BDShellExt.dll"
HKLM\Software\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\3.0.0.4605\websafe\WebMonBHO.dll"
HKLM\Software\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\3.0.0.4605\explugin\ieBaiduSDDetectPlug.dll"
HKLM\Software\Classes\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32\: "%Program Files%\Baidu\BaiduSd\3.0.0.4605\BDKVDeskBand.dll"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1FA18F7974E099CDFFF18C3B9B1A1EE8\InstallProperties\UninstallString: "MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1FA18F7974E099CDFFF18C3B9B1A1EE8\InstallProperties\DisplayName: "Visual C++ 8.0 ATL (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA42BC89BF25F5BDFFF18C3B9B1A1EE8\InstallProperties\UninstallString: "MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA42BC89BF25F5BDFFF18C3B9B1A1EE8\InstallProperties\DisplayName: "Visual C++ 8.0 CRT (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\baidusdTray: ""%Program Files%\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}\UninstallString: "MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}\DisplayName: "Visual C++ 8.0 ATL (x86) WinSXS MSM"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}\UninstallString: "MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}\DisplayName: "Visual C++ 8.0 CRT (x86) WinSXS MSM"
HKLM\System\CurrentControlSet\Services\BaiduHips\ImagePath: ""%Program Files Common%\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe""
HKLM\System\CurrentControlSet\Services\BaiduHips\DisplayName: "BaiduHips"
HKLM\System\CurrentControlSet\Services\bd0001\ImagePath: "system32\DRIVERS\bd0001.sys"
HKLM\System\CurrentControlSet\Services\bd0001\DisplayName: "bd0001"
HKLM\System\CurrentControlSet\Services\bd0002\ImagePath: "system32\DRIVERS\bd0002.sys"
HKLM\System\CurrentControlSet\Services\bd0002\DisplayName: "bd0002"
HKLM\System\CurrentControlSet\Services\bd0003\ImagePath: "system32\DRIVERS\bd0003.sys"
HKLM\System\CurrentControlSet\Services\bd0003\DisplayName: "bd0003"
HKLM\System\CurrentControlSet\Services\BDArKit\ImagePath: "system32\DRIVERS\BDArKit.sys"
HKLM\System\CurrentControlSet\Services\BDArKit\DisplayName: "BDArKit"
HKLM\System\CurrentControlSet\Services\BDDefense\ImagePath: "\??\%SysDir%\drivers\BDDefense.sys"
HKLM\System\CurrentControlSet\Services\BDDefense\DisplayName: "BDDefense"
HKLM\System\CurrentControlSet\Services\BDFileDefend\ImagePath: "system32\DRIVERS\BDFileDefend.sys"
HKLM\System\CurrentControlSet\Services\BDFileDefend\DisplayName: "BDFileDefend"
HKLM\System\CurrentControlSet\Services\BDKVRTP\ImagePath: ""%Program Files%\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r"
HKLM\System\CurrentControlSet\Services\BDKVRTP\DisplayName: "BDKVRTP Service"
HKLM\System\CurrentControlSet\Services\BDMWrench\ImagePath: "system32\DRIVERS\BDMWrench.sys"
HKLM\System\CurrentControlSet\Services\BDMWrench\DisplayName: "BDMWrench"
HKLM\System\CurrentControlSet\Services\BdSandBox\ImagePath: "system32\DRIVERS\BdSandBox.sys"
HKLM\System\CurrentControlSet\Services\BdSandBox\DisplayName: "BdSandBox"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\apphide: "%Program Files%\baidu\baidu.exe"

Detected by UnHackMe:

BD0002.DLL
Default location: %PROGRAM FILES COMMON%\BAIDU\BAIDUHIPS\1.2.0.751\BD0002.DLL

Dropper hash (MD5): ba669fe3e656d71c07db8c7c06ab9cdf

Written by Malware Hunter.
