Backdoor.MSIL.Tnzbt is also known as Trojan/Win32.FakeMS, Trojan.MSIL.CLE, Unwanted-Program (004a8e8a1).
Malware Analysis of Backdoor.MSIL.Tnzbt – NETSCP.EXE
Created files:
%Appdata%\Microsoft FxCop\c4febf31-f8bd-g26b.tmp
%Appdata%\Microsoft FxCop\MainModule.dll
%Appdata%\Microsoft FxCop\netscp.exe
%Appdata%\setup1.exe
%Temp%\33bd.rra
Autostart registry keys:
HKLM\Software\Classes\CLSID\{697DEABA-809C-49FC-ADD1-E9902D88360D}\LocalServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\IDriver2.exe"
HKLM\Software\Classes\CLSID\{8B1670C8-DC4A-4ED4-974B-81737A23826B}\LocalServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\IDriver.exe"
HKLM\Software\Classes\CLSID\{A1726C4F-5238-4907-B312-A7D3369E084E}\InProcServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\objps8.dll"
HKLM\Software\Classes\CLSID\{B84EDC85-8F87-4D92-A7DF-67AB94F2C528}\LocalServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\IDriver.exe"
HKLM\Software\Classes\CLSID\{FC5F5A61-B28C-4E1C-9528-40B4B40A897B}\InprocServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\IScript8.dll"
HKLM\Software\Classes\CLSID\{FFD7B771-8ECA-45DE-A944-7B013C6C2DF5}\InprocServer32\: "%Program Files Common%\InstallShield\Driver\8\Intel 32\IUser8.dll"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ComponentUpdate: ""%Appdata%\Microsoft\Google Component Update.lnk""
Detected by UnHackMe:
NETSCP.EXE
Default location: %APPDATA%\MICROSOFT FXCOP\NETSCP.EXE
Dropper hash (MD5): be741520f13a2bf8bc064a73e146bf08