Category Archives: Adware

Adware.BrowseFox.Win32.291276

Adware.BrowseFox.Win32.291276 also known as malicious (moderate confidence), W32.HfsAdware.14EA. Malware Analysis of Adware.BrowseFox.Win32.291276 – LETVSETUP.EXE Created files: %TEMP%\NSSD2D1.TMP\IQIYISETUP_L_SPL004@KB010.EXE %TEMP%\NSSD2D1.TMP\K1.ICO %TEMP%\NSSD2D1.TMP\LETVSETUP.EXE %TEMP%\NSSD2D1.TMP\NSPROCESS.DLL %TEMP%\NSSD2D1.TMP\NSVFF9F.TMP Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys” HKLM\System\CurrentControlSet\services\sysmon\DisplayName: “sysmon” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: “%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE”…


OScope.Adware.GV.Cdn

OScope.Adware.GV.Cdn also known as ADSPY/Cdnup.A.1, CNav, BrowserModifier:Win32/CNNIC. Malware Analysis of OScope.Adware.GV.Cdn – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Adware ( 005017e31 )

Adware ( 005017e31 ) also known as PUP/Win32.Linkury.R196393, RDN/Generic PUP.x, RiskWare[WebToolbar]/Win32.Linkury. Malware Analysis of Adware ( 005017e31 ) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware…


Win.Adware.Terkcop-22

Win.Adware.Terkcop-22 also known as W32/S-d53108b6!Eldorado, Generic Suspicious, HEUR/QVM10.1.0000.Malware.Gen. MALWARE ANALYSIS OF WIN.ADWARE.TERKCOP-22 – 127AD9239627DD62B32F655745DEF479.EXE Created files: %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\F87FCBA015291D2D %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.DAT %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.EXE %SYSDIR%\TASKS\THINKSYNC %WINDIR%\TASKS\THINKSYNC.JOB Detected by UnHackMe: 127AD9239627DD62B32F655745DEF479.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.EXE Dropper hash(md5): 127ad9239627dd62b32f655745def479 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


AdWare.Generic.dppx

AdWare.Generic.dppx also known as Trojan.Adware.MultiPlug.18, Win32.Adware.Generic.bb, Malicious. MALWARE ANALYSIS OF ADWARE.GENERIC.DPPX – 127AD9239627DD62B32F655745DEF479.EXE Created files: %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\F87FCBA015291D2D %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.DAT %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.EXE %SYSDIR%\TASKS\THINKSYNC %WINDIR%\TASKS\THINKSYNC.JOB Detected by UnHackMe: 127AD9239627DD62B32F655745DEF479.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E935CBCC-01FC-F79D-E935-5CBCC01F2F30}\127AD9239627DD62B32F655745DEF479.EXE Dropper hash(md5): 127ad9239627dd62b32f655745def479 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


W32.HfsAdware.6E3B

W32.HfsAdware.6E3B also known as AdWare/MultiPlug.fgtj, suspected of Heur.Malware-Cryptor.Multiplug, Trojan.Win32.Qudamah.Gen.3. MALWARE ANALYSIS OF W32.HFSADWARE.6E3B – 1223C9FA6D00798CA6F78657857D0E52.EXE Created files: %COMMON APPDATA%\{0F76ABB7-3215-BB66-0F76-6ABB7321AEDC}\1223C9FA6D00798CA6F78657857D0E52.DAT %COMMON APPDATA%\{0F76ABB7-3215-BB66-0F76-6ABB7321AEDC}\1223C9FA6D00798CA6F78657857D0E52.EXE %STARTUP%\1223C9FA6D00798CA6F78657857D0E52.LNK Detected by UnHackMe: 1223C9FA6D00798CA6F78657857D0E52.EXE DEFAULT LOCATION: %COMMON APPDATA%\{0F76ABB7-3215-BB66-0F76-6ABB7321AEDC}\1223C9FA6D00798CA6F78657857D0E52.EXE Dropper hash(md5): 1223c9fa6d00798ca6f78657857d0e52 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


AdWare/MultiPlug.gian

AdWare/MultiPlug.gian also known as Gen:Variant.Adware.Mplug.37, Unwanted-Program ( 0040f9681 ), Trojan.Crossrider1.22656. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.GIAN – 09295C875750D2C267059C2FA9AB10B7.EXE Created files: %COMMON APPDATA%\{7E847732-2447-2AFF-7E84-47732244DCC8}\09295C875750D2C267059C2FA9AB10B7.DAT %COMMON APPDATA%\{7E847732-2447-2AFF-7E84-47732244DCC8}\09295C875750D2C267059C2FA9AB10B7.EXE %STARTUP%\09295C875750D2C267059C2FA9AB10B7.LNK %SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK %WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK.JOB Detected by UnHackMe: 09295C875750D2C267059C2FA9AB10B7.EXE DEFAULT LOCATION: %COMMON APPDATA%\{7E847732-2447-2AFF-7E84-47732244DCC8}\09295C875750D2C267059C2FA9AB10B7.EXE Dropper hash(md5): 09295c875750d2c267059c2fa9ab10b7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…


Adware.Outbrowse.1395072[h]

Adware.Outbrowse.1395072[h] also known as Downloader.BVI, Adware ( 004b92291 ). Malware Analysis of Adware.Outbrowse.1395072[h] – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…


Adware.Bho.4031

Adware.Bho.4031 also known as ADW_DOWNWARE, Trj/Chgt.A, ADW_DOWNWARE. Malware Analysis of Adware.Bho.4031 – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


not-a-virus:AdWare.Win32.OutBrowse.h

not-a-virus:AdWare.Win32.OutBrowse.h also known as Riskware.Win32.OutBrowse.dtmevz, SoftwareBundler:Win32/OutBrowse, PUA.OutBrowse!. Malware Analysis of not-a-virus:AdWare.Win32.OutBrowse.h – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


not-a-virus:HEUR:AdWare.Win32.OutBrowse.gen

not-a-virus:HEUR:AdWare.Win32.OutBrowse.gen also known as Trojan/Win32.TSGeneric, Pua.Outbrowse.Gen!c, Trojan.Agent/Gen-OutBrowse. Malware Analysis of not-a-virus:HEUR:AdWare.Win32.OutBrowse.gen – CONVERT.DLL Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: CONVERT.DLL DEFAULT LOCATION: %TEMP%\NSFCB40.TMP\CONVERT.DLL Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Adware.OutBrowseCRTD.Win32.276

Adware.OutBrowseCRTD.Win32.276 also known as OutBrowse (fs), Adware.Gen.2, Trj/Chgt.A. Malware Analysis of Adware.OutBrowseCRTD.Win32.276 – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…


Adware.Gen.2

Adware.Gen.2 also known as PUP.Adware.OutBrowse, malicious (moderate confidence), OutBrowse (fs). Malware Analysis of Adware.Gen.2 – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


AdWare.W32.OutBrowse.h!c

AdWare.W32.OutBrowse.h!c also known as Adware/OutBrowse, Trj/Chgt.A, Adware.Outbrowse.1395072[h]. Malware Analysis of AdWare.W32.OutBrowse.h!c – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


a variant of Win32/Adware.HPDefender.ZZ

a variant of Win32/Adware.HPDefender.ZZ also known as Riskware/HPDefender, Ml.Attribute.Gen!c, Trojan.Gen.8. Malware Analysis of a variant of Win32/Adware.HPDefender.ZZ – CPUZAPP.EXE Created files: %TEMP%\NSHD0BE.TMP\NSPROCESS.DLL %APPDATA%\CPUZAPP\CPUZAPP\CPUZ_X32.EXE %APPDATA%\CPUZAPP\CPUZAPP.EXE %APPDATA%\CPUZAPP\UNINSTALLER.EXE %PROFILE%\DESKTOP\CPUZ_X32.LNK Detected by UnHackMe: CPUZAPP.EXE DEFAULT LOCATION: %APPDATA%\CPUZAPP\CPUZAPP.EXE Dropper hash(md5): 0213e7add3ba2b793405c592fdbe3330 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…


Adware ( 004b92291 )

Adware ( 004b92291 ) also known as Trj/Chgt.A, malicious_confidence_100% (D), Pua.Outbrowse. Malware Analysis of Adware ( 004b92291 ) – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Win32.Adware.Outbrowse.Wsts

Win32.Adware.Outbrowse.Wsts also known as PUA.OutBrowse!, malicious (moderate confidence), AdWare.W32.OutBrowse.h!c. Malware Analysis of Win32.Adware.Outbrowse.Wsts – F.EXE Created files: %TEMP%\F.EXE %TEMP%\NSFCB40.TMP\CONVERT.DLL %TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML %TEMP%\WER3B9F.TMP.APPCOMPAT.TXT %TEMP%\WER4072.TMP.MDMP Detected by UnHackMe: F.EXE DEFAULT LOCATION: %TEMP%\F.EXE Dropper hash(md5): 061190930f35d7041d942862b2018974 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…


Win.Adware.Agent-1348122

Win.Adware.Agent-1348122 also known as Unwanted-Program ( 004ccd421 ), a variant of Win32/Adware.MultiPlug.NU, Gen:Variant.Razy.14008. MALWARE ANALYSIS OF WIN.ADWARE.AGENT-1348122 – 027A0FC011117DCAEF0F43EE93E3D84C.EXE Created files: %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\E06D58D358C3D668 %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.DAT %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.EXE %SYSDIR%\TASKS\INSTANTFAME %WINDIR%\TASKS\INSTANTFAME.JOB Detected by UnHackMe: 027A0FC011117DCAEF0F43EE93E3D84C.EXE DEFAULT LOCATION: %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.EXE Dropper hash(md5): 027a0fc011117dcaef0f43ee93e3d84c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…


AdWare.Generic.bwe

AdWare.Generic.bwe also known as HW32.Packed.A5AF, AdWare.W32.Gen.muUa, Application.Win32.MultiPlug.HE. MALWARE ANALYSIS OF ADWARE.GENERIC.BWE – 027A0FC011117DCAEF0F43EE93E3D84C.EXE Created files: %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\E06D58D358C3D668 %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.DAT %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.EXE %SYSDIR%\TASKS\INSTANTFAME %WINDIR%\TASKS\INSTANTFAME.JOB Detected by UnHackMe: 027A0FC011117DCAEF0F43EE93E3D84C.EXE DEFAULT LOCATION: %COMMON APPDATA%\{35293A86-C7CC-13F1-3529-93A86C7CEA1B}\027A0FC011117DCAEF0F43EE93E3D84C.EXE Dropper hash(md5): 027a0fc011117dcaef0f43ee93e3d84c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


AdWare/MultiPlug.bxwe

AdWare/MultiPlug.bxwe also known as SMG.Heur!gen, malicious (high confidence), Gen:Variant.Adware.MultiPlug.18. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.BXWE – 04311E8A5F051A30B8357E6985AF1F1F.EXE Created files: %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\E81D3FBF34793FC3 %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.DAT %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.EXE %SYSDIR%\TASKS\FILESUPPORT %WINDIR%\TASKS\FILESUPPORT.JOB Detected by UnHackMe: 04311E8A5F051A30B8357E6985AF1F1F.EXE DEFAULT LOCATION: %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.EXE Dropper hash(md5): 04311e8a5f051a30b8357e6985af1f1f UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…


Win.Adware.Agent-1320767

Win.Adware.Agent-1320767 also known as not-a-virus:HEUR:AdWare.Win32.Generic, malicious_confidence_100% (D), AdLoad. MALWARE ANALYSIS OF WIN.ADWARE.AGENT-1320767 – 04311E8A5F051A30B8357E6985AF1F1F.EXE Created files: %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\E81D3FBF34793FC3 %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.DAT %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.EXE %SYSDIR%\TASKS\FILESUPPORT %WINDIR%\TASKS\FILESUPPORT.JOB Detected by UnHackMe: 04311E8A5F051A30B8357E6985AF1F1F.EXE DEFAULT LOCATION: %COMMON APPDATA%\{1164CACD-5E75-96BA-1164-4CACD5E72B35}\04311E8A5F051A30B8357E6985AF1F1F.EXE Dropper hash(md5): 04311e8a5f051a30b8357e6985af1f1f UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


Win.Adware.Agent-1384315

Win.Adware.Agent-1384315 also known as Gen:Variant.Adware.MPlug.59, Win32:MultiPlug-ABB [PUP], PUP/Win32.MultiPlug.R157273. MALWARE ANALYSIS OF WIN.ADWARE.AGENT-1384315 – 0830B9E0EDB6A365959975821B0D1837.EXE Created files: %COMMON APPDATA%\{DDF8370C-D865-8A5C-DDF8-8370CD86DC33}\A2C7DD4B4A8384D7 %COMMON APPDATA%\{DDF8370C-D865-8A5C-DDF8-8370CD86DC33}\0830B9E0EDB6A365959975821B0D1837.DAT %COMMON APPDATA%\{DDF8370C-D865-8A5C-DDF8-8370CD86DC33}\0830B9E0EDB6A365959975821B0D1837.EXE %SYSDIR%\TASKS\VIEWCOUNTER %WINDIR%\TASKS\VIEWCOUNTER.JOB Detected by UnHackMe: 0830B9E0EDB6A365959975821B0D1837.EXE DEFAULT LOCATION: %COMMON APPDATA%\{DDF8370C-D865-8A5C-DDF8-8370CD86DC33}\0830B9E0EDB6A365959975821B0D1837.EXE Dropper hash(md5): 0830b9e0edb6a365959975821b0d1837 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


Adware.MultiPlug.Win32.482863

Adware.MultiPlug.Win32.482863 also known as HEUR/QVM10.1.0000.Malware.Gen, Trojan.Win32.Crypted.duvikb, PUP.Optional.MultiPlug. MALWARE ANALYSIS OF ADWARE.MULTIPLUG.WIN32.482863 – 058E7D6542D8B26AF5666846904AA579.EXE Created files: %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\DE082928F451F45C %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.DAT %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.EXE %SYSDIR%\TASKS\VIRUSKILL %WINDIR%\TASKS\VIRUSKILL.JOB Detected by UnHackMe: 058E7D6542D8B26AF5666846904AA579.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.EXE Dropper hash(md5): 058e7d6542d8b26af5666846904aa579 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


W32.HfsAdware.C018

W32.HfsAdware.C018 also known as Unwanted-Program ( 0040f9be1 ), Trojan.Crossrider1.22656. MALWARE ANALYSIS OF W32.HFSADWARE.C018 – 7C14BCD123DD436B7317F26716315DEE.EXE Created files: %COMMON APPDATA%\{CFC77540-C271-D777-CFC7-77540C27D503}\7C14BCD123DD436B7317F26716315DEE.DAT %COMMON APPDATA%\{CFC77540-C271-D777-CFC7-77540C27D503}\7C14BCD123DD436B7317F26716315DEE.EXE %STARTUP%\7C14BCD123DD436B7317F26716315DEE.LNK Detected by UnHackMe: 7C14BCD123DD436B7317F26716315DEE.EXE DEFAULT LOCATION: %COMMON APPDATA%\{CFC77540-C271-D777-CFC7-77540C27D503}\7C14BCD123DD436B7317F26716315DEE.EXE Dropper hash(md5): 7c14bcd123dd436b7317f26716315dee UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


AdWare/MultiPlug.cqig

AdWare/MultiPlug.cqig also known as Gen:Variant.Adware.Kazy, AdWare.W32.MultiPlug.mzN0, a variant of Win32/Adware.MultiPlug.NP. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.CQIG – 058E7D6542D8B26AF5666846904AA579.EXE Created files: %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\DE082928F451F45C %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.DAT %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.EXE %SYSDIR%\TASKS\VIRUSKILL %WINDIR%\TASKS\VIRUSKILL.JOB Detected by UnHackMe: 058E7D6542D8B26AF5666846904AA579.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E9899A61-63A5-993F-E989-99A6163A6985}\058E7D6542D8B26AF5666846904AA579.EXE Dropper hash(md5): 058e7d6542d8b26af5666846904aa579 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


AdWare/Generic.iwz

AdWare/Generic.iwz also known as Gen:Variant.Razy.14008, W32/S-c9393445!Eldorado, Trojan.Razy.D36B8. MALWARE ANALYSIS OF ADWARE/GENERIC.IWZ – 0464D818885BEFD6A5E0AE73322EEC5A.EXE Created files: %COMMON APPDATA%\{6B9561E9-5EEA-7CD0-6B95-561E95EE87A5}\C97DB18A40766010 %COMMON APPDATA%\{6B9561E9-5EEA-7CD0-6B95-561E95EE87A5}\0464D818885BEFD6A5E0AE73322EEC5A.DAT %COMMON APPDATA%\{6B9561E9-5EEA-7CD0-6B95-561E95EE87A5}\0464D818885BEFD6A5E0AE73322EEC5A.EXE %SYSDIR%\TASKS\ULTIMATEMUSIC %WINDIR%\TASKS\ULTIMATEMUSIC.JOB Detected by UnHackMe: 0464D818885BEFD6A5E0AE73322EEC5A.EXE DEFAULT LOCATION: %COMMON APPDATA%\{6B9561E9-5EEA-7CD0-6B95-561E95EE87A5}\0464D818885BEFD6A5E0AE73322EEC5A.EXE Dropper hash(md5): 0464d818885befd6a5e0ae73322eec5a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


AdWare.W32.MultiPlug.mm9S

AdWare.W32.MultiPlug.mm9S also known as Application.Win32.MultiPlug.MBS, Win32:FakeDownload-G [PUP], Trojan ( 0040fa761 ). MALWARE ANALYSIS OF ADWARE.W32.MULTIPLUG.MM9S – 0841C090362848C4A23AB95A134562DD.EXE Created files: %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.DAT %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.EXE %SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B] %WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB Detected by UnHackMe: 0841C090362848C4A23AB95A134562DD.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.EXE Dropper hash(md5): 0841c090362848c4a23ab95a134562dd UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…


AdWare/MultiPlug.bqik

AdWare/MultiPlug.bqik also known as AdLoad, MultiPlug (PUA), MultiPlug-FAC. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.BQIK – 0841C090362848C4A23AB95A134562DD.EXE Created files: %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.DAT %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.EXE %SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B] %WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB Detected by UnHackMe: 0841C090362848C4A23AB95A134562DD.EXE DEFAULT LOCATION: %COMMON APPDATA%\{E0779325-ECD0-DECB-E077-79325ECD4C97}\0841C090362848C4A23AB95A134562DD.EXE Dropper hash(md5): 0841c090362848c4a23ab95a134562dd UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


AdWare/MultiPlug.edmv

AdWare/MultiPlug.edmv also known as Riskware/MultiPlug, PE:Adware.MultiPlug!1.A126[F1]. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.EDMV – 113CCE4D5FB179F06587FFF42E5FE060.EXE Created files: %TEMP%\69B8\IMAGES\LOADER.GIF %TEMP%\69B8\IMAGES\PROGRESSBAR.GIF %TEMP%\69B8\TEMP\BG.CA %TEMP%\69B8\TEMP\113CCE4D5FB179F06587FFF42E5FE060.EXE Detected by UnHackMe: 113CCE4D5FB179F06587FFF42E5FE060.EXE DEFAULT LOCATION: %TEMP%\69B8\TEMP\113CCE4D5FB179F06587FFF42E5FE060.EXE Dropper hash(md5): 113cce4d5fb179f06587fff42e5fe060 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


Win32.Adware.Multiplug.Dumm

Win32.Adware.Multiplug.Dumm also known as Riskware/MultiPlug, Unwanted-Program ( 0040f9be1 ), Trojan.Adware.MPLug.35. MALWARE ANALYSIS OF WIN32.ADWARE.MULTIPLUG.DUMM – 113CCE4D5FB179F06587FFF42E5FE060.EXE Created files: %TEMP%\69B8\IMAGES\LOADER.GIF %TEMP%\69B8\IMAGES\PROGRESSBAR.GIF %TEMP%\69B8\TEMP\BG.CA %TEMP%\69B8\TEMP\113CCE4D5FB179F06587FFF42E5FE060.EXE Detected by UnHackMe: 113CCE4D5FB179F06587FFF42E5FE060.EXE DEFAULT LOCATION: %TEMP%\69B8\TEMP\113CCE4D5FB179F06587FFF42E5FE060.EXE Dropper hash(md5): 113cce4d5fb179f06587fff42e5fe060 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

