Category Archives: Adware

Adwareare.Solimba.Gen!c

Adwareare.Solimba.Gen!c also known as PUP.Solimba/Variant, Trojan ( 0048e1d61 ), Adware.Solimba.254976[h]. Malware Analysis of Adwareare.Solimba.Gen!c – E876D9D0-E3FB-11E2-B66B-00259033C1DA.EXE Created files: %TEMP%\NSCDD51.TMP %TEMP%\NSIDEAA.TMP\E876D9D0-E3FB-11E2-B66B-00259033C1DA.EXE %TEMP%\NSIDEAA.TMP\INSTALLER.EXE %TEMP%\NSIDEAA.TMP\NSE07F.TMP %TEMP%\NSIDEAA.TMP\NSEXEC.DLL Detected by UnHackMe: E876D9D0-E3FB-11E2-B66B-00259033C1DA.EXE DEFAULT LOCATION: %TEMP%\NSIDEAA.TMP\E876D9D0-E3FB-11E2-B66B-00259033C1DA.EXE Dropper hash(md5): 68b6179d37cf2d2fecff8bb6318b45d8 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


W32.HfsAdware.CEA8

W32.HfsAdware.CEA8 also known as PUA/Multiplug.aoa, Win32:Agent-AUVV [Trj], GrayWare[AdWare:not-a-virus]/Win32.MultiPlug.bwof. MALWARE ANALYSIS OF W32.HFSADWARE.CEA8 – DABA4B2B4D7510366E764AF0D7622F19.EXE Created files: %TEMP%\1050\IMAGES\LOADER.GIF %TEMP%\1050\IMAGES\PROGRESSBAR.GIF %TEMP%\1050\TEMP\BG.CA %TEMP%\1050\TEMP\DABA4B2B4D7510366E764AF0D7622F19.EXE %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON Detected by UnHackMe: DABA4B2B4D7510366E764AF0D7622F19.EXE DEFAULT LOCATION: %TEMP%\1050\TEMP\DABA4B2B4D7510366E764AF0D7622F19.EXE Dropper hash(md5): daba4b2b4d7510366e764af0d7622f19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…


Adware.MultiPlug!1.A113 (classic)

Adware.MultiPlug!1.A113 (classic) also known as SMG.Heur!gen, Win.Adware.Agent-1383489, BehavesLike.Win32.MultiPlug.fh. MALWARE ANALYSIS OF ADWARE.MULTIPLUG!1.A113 (CLASSIC) – 6B42C2EEDA6C750CE843F19138717E26.EXE Created files: %COMMON APPDATA%\{FBA25F69-E9EA-B13D-FBA2-25F69E9E7DA7}\B914A662AB4EFAB1 %COMMON APPDATA%\{FBA25F69-E9EA-B13D-FBA2-25F69E9E7DA7}\6B42C2EEDA6C750CE843F19138717E26.DAT %COMMON APPDATA%\{FBA25F69-E9EA-B13D-FBA2-25F69E9E7DA7}\6B42C2EEDA6C750CE843F19138717E26.EXE %SYSDIR%\TASKS\HASSLEFREECOMMUTE %WINDIR%\TASKS\HASSLEFREECOMMUTE.JOB Detected by UnHackMe: 6B42C2EEDA6C750CE843F19138717E26.EXE DEFAULT LOCATION: %COMMON APPDATA%\{FBA25F69-E9EA-B13D-FBA2-25F69E9E7DA7}\6B42C2EEDA6C750CE843F19138717E26.EXE Dropper hash(md5): 6b42c2eeda6c750ce843f19138717e26 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…


W32.HfsAdware.5DCA

W32.HfsAdware.5DCA also known as Gen:Variant.Adware.MPlug.31 (B), PE:Malware.XPACK-HIE/Heur!1.9C48, Gen:Variant.Adware.MPlug.31. MALWARE ANALYSIS OF W32.HFSADWARE.5DCA – 6A659DDC4718FD19DFF2EE71ED956484.EXE Created files: %TEMP%\7C80\IMAGES\LOADER.GIF %TEMP%\7C80\IMAGES\PROGRESSBAR.GIF %TEMP%\7C80\TEMP\BG.CA %TEMP%\7C80\TEMP\6A659DDC4718FD19DFF2EE71ED956484.EXE Detected by UnHackMe: 6A659DDC4718FD19DFF2EE71ED956484.EXE DEFAULT LOCATION: %TEMP%\7C80\TEMP\6A659DDC4718FD19DFF2EE71ED956484.EXE Dropper hash(md5): 6a659ddc4718fd19dff2ee71ed956484 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


AdWare/MultiPlug.bvcp

AdWare/MultiPlug.bvcp also known as Trojan.Adware.MultiPlug.18, Unwanted-Program ( 004cbc931 ), PUP/Win32.MultiPlug.R160584. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.BVCP – 6B28709831D465D1D5C87254650ECE05.EXE Created files: %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\E64A916E1BE33A0A %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.DAT %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.EXE %SYSDIR%\TASKS\FRAMEVID %WINDIR%\TASKS\FRAMEVID.JOB Detected by UnHackMe: 6B28709831D465D1D5C87254650ECE05.EXE DEFAULT LOCATION: %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.EXE Dropper hash(md5): 6b28709831d465d1d5c87254650ece05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Win.Adware.Multiplug-55503

Win.Adware.Multiplug-55503 also known as BehavesLike.Win32.MultiPlug.fh, Unwanted-Program ( 004cbc931 ), SMG.Heur!gen. MALWARE ANALYSIS OF WIN.ADWARE.MULTIPLUG-55503 – 6B28709831D465D1D5C87254650ECE05.EXE Created files: %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\E64A916E1BE33A0A %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.DAT %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.EXE %SYSDIR%\TASKS\FRAMEVID %WINDIR%\TASKS\FRAMEVID.JOB Detected by UnHackMe: 6B28709831D465D1D5C87254650ECE05.EXE DEFAULT LOCATION: %COMMON APPDATA%\{77E84E11-1961-B406-77E8-84E111963844}\6B28709831D465D1D5C87254650ECE05.EXE Dropper hash(md5): 6b28709831d465d1d5c87254650ece05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


AdWare.Generic.cadb

AdWare.Generic.cadb also known as Adware.MultiPlugGen.Win32.51, PUA.MultiPlug!, PUP.Optional.MultiPlug. Malware Analysis of AdWare.Generic.cadb – VIRUSSHARE_60417145F370E2370E72171629F961C9.EXE Created files: %COMMON APPDATA%\{FA21163D-54A0-917E-FA21-1163D54A58F5}\D7C1472858573E7E %COMMON APPDATA%\{FA21163D-54A0-917E-FA21-1163D54A58F5}\VIRUSSHARE_60417145F370E2370E72171629F961C9.DAT %COMMON APPDATA%\{FA21163D-54A0-917E-FA21-1163D54A58F5}\VIRUSSHARE_60417145F370E2370E72171629F961C9.EXE %SYSDIR%\TASKS\KEYBOARDBOOST %WINDIR%\TASKS\KEYBOARDBOOST.JOB Detected by UnHackMe: VIRUSSHARE_60417145F370E2370E72171629F961C9.EXE DEFAULT LOCATION: %COMMON APPDATA%\{FA21163D-54A0-917E-FA21-1163D54A58F5}\VIRUSSHARE_60417145F370E2370E72171629F961C9.EXE Dropper hash(md5): 60417145f370e2370e72171629f961c9 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


AdWare/MultiPlug.bzal

AdWare/MultiPlug.bzal also known as Gen:Variant.Adware.MultiPlug.18, MultiPlug (v), Win.Adware.Terkcop-55. Malware Analysis of AdWare/MultiPlug.bzal – VIRUSSHARE_5E3335EE8945F568F4748FC4BE394138.EXE Created files: %COMMON APPDATA%\{F9576B4C-8F0C-47C7-F957-76B4C8F0AD32}\B534F2B1740EB584 %COMMON APPDATA%\{F9576B4C-8F0C-47C7-F957-76B4C8F0AD32}\VIRUSSHARE_5E3335EE8945F568F4748FC4BE394138.DAT %COMMON APPDATA%\{F9576B4C-8F0C-47C7-F957-76B4C8F0AD32}\VIRUSSHARE_5E3335EE8945F568F4748FC4BE394138.EXE %SYSDIR%\TASKS\DAILFAST %WINDIR%\TASKS\DAILFAST.JOB Detected by UnHackMe: VIRUSSHARE_5E3335EE8945F568F4748FC4BE394138.EXE DEFAULT LOCATION: %COMMON APPDATA%\{F9576B4C-8F0C-47C7-F957-76B4C8F0AD32}\VIRUSSHARE_5E3335EE8945F568F4748FC4BE394138.EXE Dropper hash(md5): 5e3335ee8945f568f4748fc4be394138 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


Adware.Outbrowse.110592[h]

Adware.Outbrowse.110592[h] also known as Trojan.Win32.OutBrowse.dmikil, Gen:Variant.Application.Bundler.Outbrowse.1, Gen:Variant.Application.Bundler. Malware Analysis of Adware.Outbrowse.110592[h] – ZZP.DLL Created files: %TEMP%\BCCICABECBCAG.EXE %TEMP%\NSDD2C2.TMP\NSISUNZ.DLL %TEMP%\NSDD2C2.TMP\ZZP.DLL %TEMP%\WER32CA.TMP.APPCOMPAT.TXT %TEMP%\WER4634.TMP.MDMP Detected by UnHackMe: ZZP.DLL DEFAULT LOCATION: %TEMP%\NSDD2C2.TMP\ZZP.DLL Dropper hash(md5): 5fd7d62eb9c2a8e6965b243de4be565e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Adware.BrowseFox.Win32.170411

Adware.BrowseFox.Win32.170411 also known as Trojan.Win32.Generic!BT, Gen:Variant.Application.Bundler, Trojan ( 004b338e1 ). Malware Analysis of Adware.BrowseFox.Win32.170411 – ZZP.DLL Created files: %TEMP%\BCCICABECBCAG.EXE %TEMP%\NSDD2C2.TMP\NSISUNZ.DLL %TEMP%\NSDD2C2.TMP\ZZP.DLL %TEMP%\WER32CA.TMP.APPCOMPAT.TXT %TEMP%\WER4634.TMP.MDMP Detected by UnHackMe: ZZP.DLL DEFAULT LOCATION: %TEMP%\NSDD2C2.TMP\ZZP.DLL Dropper hash(md5): 5fd7d62eb9c2a8e6965b243de4be565e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


ADWARE/PennyBee.A.2116

ADWARE/PennyBee.A.2116 also known as Generic_s.FY, Trojan.Patcher.v, Trojan.Win32.Patcher. Malware Analysis of ADWARE/PennyBee.A.2116 – BIBDE.EXE Created files: %APPDATA%\CEFUKIOW\ANATAS.DIN %APPDATA%\CEFUKIOW\BIBDE.EXE Detected by UnHackMe: BIBDE.EXE DEFAULT LOCATION: %APPDATA%\CEFUKIOW\BIBDE.EXE Dropper hash(md5): 62fde98c349417633fa7254b5249a1ad UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


AdWare/MultiPlug.btpz

AdWare/MultiPlug.btpz also known as Application.Win32.AdWare.MultiPlug.VA, not-a-virus:AdWare.MultiPlug, Win32:MultiPlug-OZ [PUP]. Malware Analysis of AdWare/MultiPlug.btpz – VIRUSSHARE_5F8D916C5C80AB192BA045D53D5FBCBE.EXE Created files: %TEMP%\1A72067AB\IMAGES\LOADER.GIF %TEMP%\1A72067AB\IMAGES\PROGRESSBAR.GIF %TEMP%\1A72067AB\TEMP\BG.CA %TEMP%\1A72067AB\TEMP\VIRUSSHARE_5F8D916C5C80AB192BA045D53D5FBCBE.EXE Detected by UnHackMe: VIRUSSHARE_5F8D916C5C80AB192BA045D53D5FBCBE.EXE DEFAULT LOCATION: %TEMP%\1A72067AB\TEMP\VIRUSSHARE_5F8D916C5C80AB192BA045D53D5FBCBE.EXE Dropper hash(md5): 5f8d916c5c80ab192ba045d53d5fbcbe UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Win.Adware.Agent-1319359

Win.Adware.Agent-1319359 also known as not-a-virus:HEUR:AdWare.Win32.Generic, W32/Generic.AC.1AC122!tr. Malware Analysis of Win.Adware.Agent-1319359 – VIRUSSHARE_56D6CB6456427EC66268803D654BD2E2.EXE Created files: %COMMON APPDATA%\{31FD6E61-5C81-6846-31FD-D6E615C8B985}\A74284EFA6E2051D %COMMON APPDATA%\{31FD6E61-5C81-6846-31FD-D6E615C8B985}\VIRUSSHARE_56D6CB6456427EC66268803D654BD2E2.DAT %COMMON APPDATA%\{31FD6E61-5C81-6846-31FD-D6E615C8B985}\VIRUSSHARE_56D6CB6456427EC66268803D654BD2E2.EXE %SYSDIR%\TASKS\SOCIALTRUST %WINDIR%\TASKS\SOCIALTRUST.JOB Detected by UnHackMe: VIRUSSHARE_56D6CB6456427EC66268803D654BD2E2.EXE DEFAULT LOCATION: %COMMON APPDATA%\{31FD6E61-5C81-6846-31FD-D6E615C8B985}\VIRUSSHARE_56D6CB6456427EC66268803D654BD2E2.EXE Dropper hash(md5): 56d6cb6456427ec66268803d654bd2e2 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


Adware/Agent.imy

Adware/Agent.imy also known as Application.InstallShare (A). Malware Analysis of Adware/Agent.imy – CATALINAUPDATEBROKER.EXE Created files: %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATE.EXE %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATEBROKER.EXE %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATEHELPER.MSI %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATEONDEMAND.EXE Autostart registry keys: HKLM\SOFTWARE\CLASSES\CITRIODOC.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE” — “%1″” HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CITRIO.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE”” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CATALINAGROUP UPDATE: “”%LOCAL APPDATA%\CATALINAGROUP\UPDATE\CATALINAUPDATE.EXE” /C” HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio\DisplayName: “Citrio” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CITRIO\UNINSTALLSTRING: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\50.0.2661.274\INSTALLER\SETUP.EXE” –UNINSTALL” HKCU\SOFTWARE\CATALINAGROUP\UPDATE\CLIENTSTATE\{92F8A219-E740-49D5-B785-B962AD819724}\UNINSTALLSTRING: “%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\50.0.2661.274\INSTALLER\SETUP.EXE” Detected by UnHackMe: CATALINAUPDATEBROKER.EXE DEFAULT LOCATION:…


GrayWare[AdWare]/MSIL.BrowseFox.gg

GrayWare[AdWare]/MSIL.BrowseFox.gg also known as Adware.Msil.Kranet!c, Gen:Variant.Razy.102382, Win32:Adware-gen [Adw]. Malware Analysis of GrayWare[AdWare]/MSIL.BrowseFox.gg – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


Win32.Risk.Adware.Dxcp

Win32.Risk.Adware.Dxcp also known as PUP.Optional.Yontoo, Gen:Variant.Razy.102382, ML.Relationship.HighConfidence [Trojan.Gen.2]. Malware Analysis of Win32.Risk.Adware.Dxcp – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


Adware.Outbrowse.116224.AR[h]

Adware.Outbrowse.116224.AR[h] also known as Trojan ( 004b1bd81 ), PUA/Outbrowse.Gen, a variant of Win32/OutBrowse.BK potentially unwanted. Malware Analysis of Adware.Outbrowse.116224.AR[h] – CC.DLL Created files: %TEMP%\WER548B.TMP.MDMP %TEMP%\BACFCABEBBBFH.EXE %TEMP%\NSMCF57.TMP\CC.DLL %TEMP%\NSMCF57.TMP\NSISUNZ.DLL %TEMP%\WER15E4.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: CC.DLL DEFAULT LOCATION: %TEMP%\NSMCF57.TMP\CC.DLL Dropper hash(md5): 56af7e769a911dc130f3f382a5b4eaf7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…


Win32/Virus.Adware.650

Win32/Virus.Adware.650 also known as PUP.SmarterPower/Variant, ML.Relationship.HighConfidence [Trojan.Gen.2], Trj/CI.A. Malware Analysis of Win32/Virus.Adware.650 – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


not-a-virus:AdWare.MSIL.Kranet.clf

not-a-virus:AdWare.MSIL.Kranet.clf also known as W32/Trojan.FNZI-7440, Artemis!8227D26D0A1E, Artemis!PUP. Malware Analysis of not-a-virus:AdWare.MSIL.Kranet.clf – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


W32.HfsAdware.9A0C

W32.HfsAdware.9A0C also known as Win32:InstalleRex-CK [PUP], Trojan.Crossrider1.19812. Malware Analysis of W32.HfsAdware.9A0C – VIRUSSHARE_5D8972AB5C56C2DC02DBCF006217F4D3.EXE Created files: %TEMP%\1F2C\IMAGES\LOADER.GIF %TEMP%\1F2C\IMAGES\PROGRESSBAR.GIF %TEMP%\1F2C\TEMP\BG.CA %TEMP%\1F2C\TEMP\VIRUSSHARE_5D8972AB5C56C2DC02DBCF006217F4D3.EXE Detected by UnHackMe: VIRUSSHARE_5D8972AB5C56C2DC02DBCF006217F4D3.EXE DEFAULT LOCATION: %TEMP%\1F2C\TEMP\VIRUSSHARE_5D8972AB5C56C2DC02DBCF006217F4D3.EXE Dropper hash(md5): 5d8972ab5c56c2dc02dbcf006217f4d3 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Adware.Msil.Kranet!c

Adware.Msil.Kranet!c also known as ADWARE/BrowseFox.Gen4, Artemis!PUP, TROJ_GEN.R002C0EA817. Malware Analysis of Adware.Msil.Kranet!c – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


Adware.BrowseFoxCRTD.Win32.3561

Adware.BrowseFoxCRTD.Win32.3561 also known as TROJ_GEN.R002C0EA817, GrayWare[AdWare]/MSIL.BrowseFox.gg, PUP.Optional.Yontoo. Malware Analysis of Adware.BrowseFoxCRTD.Win32.3561 – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


Adware/Kranet

Adware/Kranet also known as ADWARE/BrowseFox.Gen4, Trojan.Win32.Generic!BT, PUA.MSIL.BrowseFox. Malware Analysis of Adware/Kranet – VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Created files: %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Detected by UnHackMe: VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE DEFAULT LOCATION: %TEMP%\VIRUSSHARE_8227D26D0A1EFC200626A356F90CCA67TEMP.EXE Dropper hash(md5): 8227d26d0a1efc200626a356f90cca67 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


Adware.Downware.17750

Adware.Downware.17750 also known as Riskware.Catalina!, not-a-virus:RiskTool.Catalina, Trojan.MBro.ad. Malware Analysis of Adware.Downware.17750 – CATALINACRASHHANDLER.EXE Created files: %LOCAL APPDATA%\CATALINAGROUP\CITRIO\USER DATA\SAFE BROWSING COOKIES %LOCAL APPDATA%\CATALINAGROUP\CITRIO\USER DATA\SAFE BROWSING COOKIES-JOURNAL %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATE.EXE %LOCAL APPDATA%\CATALINAGROUP\UPDATE\1.3.25.225\CATALINAUPDATEBROKER.EXE Autostart registry keys: HKLM\SOFTWARE\CLASSES\CITRIODOC.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE” — “%1″” HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CITRIO.5H2QR4GU3NYWVL3TJ6VO2JWGTI\SHELL\OPEN\COMMAND\: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE”” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CATALINAGROUP UPDATE: “”%LOCAL APPDATA%\CATALINAGROUP\UPDATE\CATALINAUPDATE.EXE” /C” HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio\DisplayName: “Citrio” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CITRIO\UNINSTALLSTRING: “”%LOCAL APPDATA%\CATALINAGROUP\CITRIO\APPLICATION\50.0.2661.274\INSTALLER\SETUP.EXE” –UNINSTALL” HKCU\SOFTWARE\CATALINAGROUP\UPDATE\CLIENTSTATE\{92F8A219-E740-49D5-B785-B962AD819724}\UNINSTALLSTRING: “%LOCAL…


AdWare/MultiPlug.hppt

AdWare/MultiPlug.hppt also known as Application.Win32.MultiPlug.AOAC, Installerex/WebPick (fs), Unwanted-Program ( 0040f9be1 ). Malware Analysis of AdWare/MultiPlug.hppt – VIRUSSHARE_58F84167CE451B97C128AE228B234F4A.EXE Created files: %COMMON APPDATA%\{C36E9FD2-B6AF-FFF6-C36E-E9FD2B6A7F4A}\VIRUSSHARE_58F84167CE451B97C128AE228B234F4A.DAT %COMMON APPDATA%\{C36E9FD2-B6AF-FFF6-C36E-E9FD2B6A7F4A}\VIRUSSHARE_58F84167CE451B97C128AE228B234F4A.EXE %SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B] %WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB Detected by UnHackMe: VIRUSSHARE_58F84167CE451B97C128AE228B234F4A.EXE DEFAULT LOCATION: %COMMON APPDATA%\{C36E9FD2-B6AF-FFF6-C36E-E9FD2B6A7F4A}\VIRUSSHARE_58F84167CE451B97C128AE228B234F4A.EXE Dropper hash(md5): 58f84167ce451b97c128ae228b234f4a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…


Adware.MultiPlug.GE (B)

Adware.MultiPlug.GE (B) also known as GrayWare[AdWare:not-a-virus]/Win32.MultiPlug.bwof, Adware.MultiPlug.GE. MALWARE ANALYSIS OF ADWARE.MULTIPLUG.GE (B) – F84ED26C2B3EAF47194499D7A9576903.EXE Created files: %TEMP%\BF78\IMAGES\PROGRESSBAR.GIF %TEMP%\BF78\TEMP\BG.CA %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE %PROFILE%\DESKTOP\F84ED26C2B3EAF47194499D7A9576903.LNK Detected by UnHackMe: F84ED26C2B3EAF47194499D7A9576903.EXE DEFAULT LOCATION: %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE Dropper hash(md5): f84ed26c2b3eaf47194499d7a9576903 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


W32.HfsAdware.F4E7

W32.HfsAdware.F4E7 also known as Adware.MultiPlug.GE, W32/S-1f722880!Eldorado, Adware.Multiplug.D6. MALWARE ANALYSIS OF W32.HFSADWARE.F4E7 – F84ED26C2B3EAF47194499D7A9576903.EXE Created files: %TEMP%\BF78\IMAGES\PROGRESSBAR.GIF %TEMP%\BF78\TEMP\BG.CA %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE %PROFILE%\DESKTOP\F84ED26C2B3EAF47194499D7A9576903.LNK Detected by UnHackMe: F84ED26C2B3EAF47194499D7A9576903.EXE DEFAULT LOCATION: %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE Dropper hash(md5): f84ed26c2b3eaf47194499d7a9576903 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Adware.MultiPlug.Win32.512338

Adware.MultiPlug.Win32.512338 also known as PUP.Optional.MultiPlug, Adware.Installerex.A8, Unwanted-Program ( 004c93fb1 ). MALWARE ANALYSIS OF ADWARE.MULTIPLUG.WIN32.512338 – 57ADDE8451FF906E0D28E79106B88742.EXE Created files: %COMMON APPDATA%\{EC2316E2-CE82-4F30-EC23-316E2CE85B8B}\9FCE812C0067733D %COMMON APPDATA%\{EC2316E2-CE82-4F30-EC23-316E2CE85B8B}\57ADDE8451FF906E0D28E79106B88742.DAT %COMMON APPDATA%\{EC2316E2-CE82-4F30-EC23-316E2CE85B8B}\57ADDE8451FF906E0D28E79106B88742.EXE %SYSDIR%\TASKS\EYEPRODUCTIVE %WINDIR%\TASKS\EYEPRODUCTIVE.JOB Detected by UnHackMe: 57ADDE8451FF906E0D28E79106B88742.EXE DEFAULT LOCATION: %COMMON APPDATA%\{EC2316E2-CE82-4F30-EC23-316E2CE85B8B}\57ADDE8451FF906E0D28E79106B88742.EXE Dropper hash(md5): 57adde8451ff906e0d28e79106b88742 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Adware.MultiPlug.GE

Adware.MultiPlug.GE also known as MultiPlug, Win32:Agent-AUVV [Trj], W32/S-1f722880!Eldorado. MALWARE ANALYSIS OF ADWARE.MULTIPLUG.GE – F84ED26C2B3EAF47194499D7A9576903.EXE Created files: %TEMP%\BF78\IMAGES\PROGRESSBAR.GIF %TEMP%\BF78\TEMP\BG.CA %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE %PROFILE%\DESKTOP\F84ED26C2B3EAF47194499D7A9576903.LNK Detected by UnHackMe: F84ED26C2B3EAF47194499D7A9576903.EXE DEFAULT LOCATION: %TEMP%\BF78\TEMP\F84ED26C2B3EAF47194499D7A9576903.EXE Dropper hash(md5): f84ed26c2b3eaf47194499d7a9576903 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


AdWare/MultiPlug.corx

AdWare/MultiPlug.corx also known as BehavesLike.Win32.MultiPlug.fh, AdLoad, AdWare.Adload. MALWARE ANALYSIS OF ADWARE/MULTIPLUG.CORX – F84DE400F7DA92A6C6518866E381E4E4.EXE Created files: %COMMON APPDATA%\{6A1B8BC8-CC08-D39A-6A1B-B8BC8CC02F23}\ABC421E9D9542A4D %COMMON APPDATA%\{6A1B8BC8-CC08-D39A-6A1B-B8BC8CC02F23}\F84DE400F7DA92A6C6518866E381E4E4.DAT %COMMON APPDATA%\{6A1B8BC8-CC08-D39A-6A1B-B8BC8CC02F23}\F84DE400F7DA92A6C6518866E381E4E4.EXE %SYSDIR%\TASKS\BRILLIANTART %WINDIR%\TASKS\BRILLIANTART.JOB Detected by UnHackMe: F84DE400F7DA92A6C6518866E381E4E4.EXE DEFAULT LOCATION: %COMMON APPDATA%\{6A1B8BC8-CC08-D39A-6A1B-B8BC8CC02F23}\F84DE400F7DA92A6C6518866E381E4E4.EXE Dropper hash(md5): f84de400f7da92a6c6518866e381e4e4 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

