Category Archives: Backdoor

BackDoor-FDGG!637BA113688A

BackDoor-FDGG!637BA113688A also known as Troj.W32.Generic!c, Trojan.Generic.pxlb, Gen:Win32.ExplorerHijack.nuW@aejoR8ei.
Malware Analysis of BackDoor-FDGG!637BA113688A – SECURITY.EXE
Created files:
  %APPDATA%\SECURITY.EXE
  %APPDATA%\TMP227.TMP
Detected by UnHackMe: SECURITY.EXE
Default location: %APPDATA%\SECURITY.EXE
Dropper hash (md5): 637ba113688a744094a8e69948d87954
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

BackDoor.Agent.BBKH

BackDoor.Agent.BBKH also known as TROJ_GEN.R00JC0DEF16, Trojan/Win32.Farfli.N1993804903, Trojan.Farfli.Win32.25373.
Malware Analysis of BackDoor.Agent.BBKH – E241A105.EXE
Created files:
  %WINDIR%\E241A105.EXE
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MNOPQR TUVWXYAB DEF\IMAGEPATH: “%WINDIR%\E241A105.EXE”
  HKLM\System\CurrentControlSet\services\Mnopqr Tuvwxyab Def\DisplayName: “Mnopqr Tuvwxyab Defghijk Mnop”
Detected by UnHackMe: E241A105.EXE
Default location: %WinDir%\E241A105.EXE
Dropper hash (md5): 5848e68c33dcbeff04396de17771a913
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Backdoor.Androm!kD6FoS6JaSc

Backdoor.Androm!kD6FoS6JaSc also known as W32/Trojan.BMLG-1744, Trojan.GenericKD.3242527, W32/Injector.CYIA!tr.
Malware Analysis of Backdoor.Androm!kD6FoS6JaSc – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Backdoor.W32.DarkKomet.mzOX

Backdoor.W32.DarkKomet.mzOX also known as BKDR_FYNLOS.SMM, Trojan.Fynloski.Win32.742, Backdoor.Win32.DarkKomet.
Malware Analysis of Backdoor.W32.DarkKomet.mzOX – HACKER CS.EXE
Created files:
  %TEMP%\ABITSMARTER[ V8.3.6].EXE
  %TEMP%\HACKER CS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\C5DFB9E2-7594-4BE9-A810-699028EF67F3
  %APPDATA%\GODMODE.{ED7BA470-8E54-465E-825C-99712043E01C}\GODMODE.EXE
Detected by UnHackMe: HACKER CS.EXE
Default location: %TEMP%\HACKER CS.EXE
Dropper hash (md5): 4ac1c0bc74a5c2558c2fbdb6a75090b2
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Backdoor.Kirts!8.5853-gTFUn2T5vTP (Cloud)

Backdoor.Kirts!8.5853-gTFUn2T5vTP (Cloud) also known as Trojan.Generic.D33A024, Msil.Trojan.Agent.Pdcq, Trojan.GenericKD.3383332 (B).
Malware Analysis of Backdoor.Kirts!8.5853-gTFUn2T5vTP (Cloud) – WINSTRSP.EXE
Created files:
  %TEMP%\WINOPEN.EXEWINOPEN.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\9AE9C6C7-6D94-4277-9217-B30EB7FCA38B
  %APPDATA%\WINSTRSP.EXE
  %SYSDIR%\TASKS\UPDATE\WVGTPMEULXDWVGTPMEULXDHUSPCPQZGMUTRLHUSPCPQZGMUTRL
Detected by UnHackMe: WINSTRSP.EXE
Default location: %APPDATA%\WINSTRSP.EXE
Dropper hash (md5): 4b38a2387e5afd75891d8124fab8dec8
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

BackDoor.Generic19.ASHC

BackDoor.Generic19.ASHC also known as Trojan.Win32.FakeLpk.aad, W32/Farfli.PZ!tr, Gen:Variant.Razy.73930.
Malware Analysis of BackDoor.Generic19.ASHC – VNFVN.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\AE53C677-92B1-482B-9B66-795217779F77
  %SYSDIR%\VNFVN.EXE
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\WERCB83.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\WERCBF2.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VNFVNF WOFWO\IMAGEPATH: “%SYSDIR%\VNFVN.EXE”
  HKLM\System\CurrentControlSet\services\Vnfvnf Wofwo\DisplayName: “Skcskb Tlctlctk Dulduldt Meum”
Detected by UnHackMe: VNFVN.EXE
Default location: %SYSDIR%\VNFVN.EXE
Dropper hash (md5): 0829ba237ae7fa9390bfd2677b47a22a
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Backdoor.Kirts

Backdoor.Kirts also known as Trojan.MSIL.dfsg, Ransom-DelAll!4B38A2387E5A, Backdoor/Win32.Kirts.N2041844235.
Malware Analysis of Backdoor.Kirts – WINSTRSP.EXE
Created files:
  %TEMP%\WINOPEN.EXEWINOPEN.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\9AE9C6C7-6D94-4277-9217-B30EB7FCA38B
  %APPDATA%\WINSTRSP.EXE
  %SYSDIR%\TASKS\UPDATE\WVGTPMEULXDWVGTPMEULXDHUSPCPQZGMUTRLHUSPCPQZGMUTRL
Detected by UnHackMe: WINSTRSP.EXE
Default location: %APPDATA%\WINSTRSP.EXE
Dropper hash (md5): 4b38a2387e5afd75891d8124fab8dec8
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Backdoor.Win32.Androm.jucc

Backdoor.Win32.Androm.jucc also known as Riskware ( 0040eff71 ), BehavesLike.Win32.Backdoor.jh, Win32.Backdoor.Androm.Jcn.
Malware Analysis of Backdoor.Win32.Androm.jucc – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus!…

Backdoor.Win32.DarkKomet.gvls

Backdoor.Win32.DarkKomet.gvls also known as TrojanDownloader.Fynloski.AM, Backdoor.Win32.DarkKomet!O, Gen:Trojan.Heur.pmKfru5!IJmS.
Malware Analysis of Backdoor.Win32.DarkKomet.gvls – HACKER CS.EXE
Created files:
  %TEMP%\ABITSMARTER[ V8.3.6].EXE
  %TEMP%\HACKER CS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\C5DFB9E2-7594-4BE9-A810-699028EF67F3
  %APPDATA%\GODMODE.{ED7BA470-8E54-465E-825C-99712043E01C}\GODMODE.EXE
Detected by UnHackMe: HACKER CS.EXE
Default location: %TEMP%\HACKER CS.EXE
Dropper hash (md5): 4ac1c0bc74a5c2558c2fbdb6a75090b2
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Backdoor.W32.Androm!c

Backdoor.W32.Androm!c also known as Trojan.GenericKD.3242527, Trojan.Gen.2, RDN/Generic BackDoor.
Malware Analysis of Backdoor.W32.Androm!c – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus! UnHackMe is…

Backdoor.Androm.r8

Backdoor.Androm.r8 also known as Trojan.Win32.Generic!BT, Riskware ( 0040eff71 ), Trj/GdSda.A.
Malware Analysis of Backdoor.Androm.r8 – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus!…

Backdoor/Win32.Kirts.N2041844235

Backdoor/Win32.Kirts.N2041844235 also known as Trojan.Dropper.MSIL, Troj/Ransom-DJC, Trojan.Fakeransomdel.
Malware Analysis of Backdoor/Win32.Kirts.N2041844235 – WINSTRSP.EXE
Created files:
  %TEMP%\WINOPEN.EXEWINOPEN.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\9AE9C6C7-6D94-4277-9217-B30EB7FCA38B
  %APPDATA%\WINSTRSP.EXE
  %SYSDIR%\TASKS\UPDATE\WVGTPMEULXDWVGTPMEULXDHUSPCPQZGMUTRLHUSPCPQZGMUTRL
Detected by UnHackMe: WINSTRSP.EXE
Default location: %APPDATA%\WINSTRSP.EXE
Dropper hash (md5): 4b38a2387e5afd75891d8124fab8dec8
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

backdoor.win32.pirpi.f!dha

backdoor.win32.pirpi.f!dha also known as Win32.Adware.Kryptik.j, malicious_confidence_100% (D), TR/Crypt.XPACK.Gen.
Malware Analysis of backdoor.win32.pirpi.f!dha – 058806A16A9629AF26A70DBAB48A6598.EXE
Created files:
  %WINDIR%\TASKS\CLOCKSHOCK.JOB
  %COMMON APPDATA%\{AC9ACC4C-CEB1-5AEF-AC9A-ACC4CCEB3133}\058806A16A9629AF26A70DBAB48A6598.DAT
  %COMMON APPDATA%\{AC9ACC4C-CEB1-5AEF-AC9A-ACC4CCEB3133}\058806A16A9629AF26A70DBAB48A6598.EXE
  %COMMON APPDATA%\{AC9ACC4C-CEB1-5AEF-AC9A-ACC4CCEB3133}\1A71D9C67D3EEEF1
  %COMMON APPDATA%\{AC9ACC4C-CEB1-5AEF-AC9A-ACC4CCEB3133}\D78C7F935AEA0925
Detected by UnHackMe: 058806A16A9629AF26A70DBAB48A6598.EXE
Default location: %COMMON APPDATA%\{AC9ACC4C-CEB1-5AEF-AC9A-ACC4CCEB3133}\058806A16A9629AF26A70DBAB48A6598.EXE
Dropper hash (md5): 058806a16a9629af26a70dbab48a6598
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Win32.Backdoor.Androm.Jcn

Win32.Backdoor.Androm.Jcn also known as Trojan.Win32.Delphi.ecmmpa, Backdoor.Androm.r8, TROJ_GEN.R023C0REI16.
Malware Analysis of Win32.Backdoor.Androm.Jcn – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Backdoor:Win32/Zegost.AD

Backdoor:Win32/Zegost.AD also known as HEUR:Trojan.Win32.Generic, Gen:Variant.Razy.73930 (B), a variant of Win32/ServStart.F.
Malware Analysis of Backdoor:Win32/Zegost.AD – VNFVN.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\AE53C677-92B1-482B-9B66-795217779F77
  %SYSDIR%\VNFVN.EXE
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\WERCB83.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_VNFVN.EXE_154BC419BB4FC3B934131FD2868DE1E5F38373_CAB_0EF2D43E\WERCBF2.TMP.WERINTERNALMETADATA.XML
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VNFVNF WOFWO\IMAGEPATH: “%SYSDIR%\VNFVN.EXE”
  HKLM\System\CurrentControlSet\services\Vnfvnf Wofwo\DisplayName: “Skcskb Tlctlctk Dulduldt Meum”
Detected by UnHackMe: VNFVN.EXE
Default location: %SYSDIR%\VNFVN.EXE
Dropper hash (md5): 0829ba237ae7fa9390bfd2677b47a22a
UnHackMe removes malware invisible for your…

Backdoor.Androm.Win32.35091

Backdoor.Androm.Win32.35091 also known as TROJ_GEN.R023C0REI16, TROJ_GEN.R023C0REI16, W32/Injector.CYIA!tr.
Malware Analysis of Backdoor.Androm.Win32.35091 – WINDIWS.EXE
Created files:
  %TEMP%\WINDIWS\WINDIWS
  %TEMP%\WINDIWS\WINDIWS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
Detected by UnHackMe: WINDIWS.EXE
Default location: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash (md5): 09f5e24e4e6791b4368018f653119211
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Backdoor/W32.DarkKomet.258048.P

Backdoor/W32.DarkKomet.258048.P also known as Win32.Backdoor.Agent.l, Malware.Radar02.Gen, W32/Generic.AC.DB56!tr.
Malware Analysis of Backdoor/W32.DarkKomet.258048.P – HACKER CS.EXE
Created files:
  %TEMP%\ABITSMARTER[ V8.3.6].EXE
  %TEMP%\HACKER CS.EXE
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\C5DFB9E2-7594-4BE9-A810-699028EF67F3
  %APPDATA%\GODMODE.{ED7BA470-8E54-465E-825C-99712043E01C}\GODMODE.EXE
Detected by UnHackMe: HACKER CS.EXE
Default location: %TEMP%\HACKER CS.EXE
Dropper hash (md5): 4ac1c0bc74a5c2558c2fbdb6a75090b2
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

backdoor.win32.hupigon.fi

backdoor.win32.hupigon.fi also known as Trojan.VIZ.Gen.1, PWS-Zbot, TROJ_RANSOM.SM05.
Malware Analysis of backdoor.win32.hupigon.fi – BOBUS.EXE
Created files:
  %TEMP%\PPCRLUI_3244_2
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\C9AC1FB9-D5F6-4651-BB64-C422F4E29FCA
  %APPDATA%\IJRI\BOBUS.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BOBUS: “%APPDATA%\IJRI\BOBUS.EXE”
Detected by UnHackMe: BOBUS.EXE
Default location: %APPDATA%\IJRI\BOBUS.EXE
Dropper hash (md5): 022dfefb877ab14a37782d49ab01299b
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Backdoor/W32.Agent.61952.P

Backdoor/W32.Agent.61952.P also known as Win32/PcClient.JX, Backdoor/Win32.Nbdd, Backdoor/Agent.cpdt.
Malware Analysis of Backdoor/W32.Agent.61952.P – RGMXTGC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\F429AA47-BE62-4AFA-B9F5-F8FB38F5715F
  %SYSDIR%\RGMXTGC.DLL
Detected by UnHackMe: RGMXTGC.DLL
Default location: %SYSDIR%\RGMXTGC.DLL
Dropper hash (md5): 025c2195a2e28d89fe8f543aaae21cb5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Backdoor:Win32/VB.AVD

Backdoor:Win32/VB.AVD also known as Generic.Keylogger.F045BA0C, Backdoor.VB.YVS, Backdoor.Win32.VB!O.
Malware Analysis of Backdoor:Win32/VB.AVD – TYPE32.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\69B259F9-E08E-4590-8442-343261DDC66C
  %SYSDIR%\MSWINSCK.OCX
  %SYSDIR%\OPTRVES.DLL
  %SYSDIR%\TYPE32.EXE
Autostart registry keys:
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\GCSERV: “%SYSDIR%\TYPE32.EXE”
Detected by UnHackMe: TYPE32.EXE
Default location: %SYSDIR%\TYPE32.EXE
Dropper hash (md5): 018b3c5f31905d7a6dadb36b5e7a7a56
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Backdoor/Agent.akfg

Backdoor/Agent.akfg also known as TrojWare.Win32.Agent.PDSB, BKDR_PCCLIE.SMA, Backdoor.Pcclient.Zl5.
Malware Analysis of Backdoor/Agent.akfg – RGMXTGC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\F429AA47-BE62-4AFA-B9F5-F8FB38F5715F
  %SYSDIR%\RGMXTGC.DLL
Detected by UnHackMe: RGMXTGC.DLL
Default location: %SYSDIR%\RGMXTGC.DLL
Dropper hash (md5): 025c2195a2e28d89fe8f543aaae21cb5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Backdoor.VB.YVS

Backdoor.VB.YVS also known as PSW.Generic11.FYD, W32/BackdoorP.BK, Generic.Keylogger.F045BA0C.
Malware Analysis of Backdoor.VB.YVS – TYPE32.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\69B259F9-E08E-4590-8442-343261DDC66C
  %SYSDIR%\MSWINSCK.OCX
  %SYSDIR%\OPTRVES.DLL
  %SYSDIR%\TYPE32.EXE
Autostart registry keys:
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\GCSERV: “%SYSDIR%\TYPE32.EXE”
Detected by UnHackMe: TYPE32.EXE
Default location: %SYSDIR%\TYPE32.EXE
Dropper hash (md5): 018b3c5f31905d7a6dadb36b5e7a7a56
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Backdoor.CPEX.Win32.21499

Backdoor.CPEX.Win32.21499 also known as Gen:Variant.Buzy.248, W32/Esfury.A.worm, Gen:Variant.Buzy.248.
Malware Analysis of Backdoor.CPEX.Win32.21499 – BQJEJC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\8407652C-E45A-4A42-AF80-5D6595EA9EA4
  %SYSTEMDRIVE%\RECYCLER\ITSS.EXE
  %Program Files Common%\bqjejc.dll
  %Program Files Common%\TabIt.exe
  %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK
Detected by UnHackMe: BQJEJC.DLL
Default location: %PROGRAM FILES COMMON%\BQJEJC.DLL
Dropper hash (md5): 0105334ddb81846da2a15ec96a25b4d5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Backdoor.Win32.PcClient.zl (v)

Backdoor.Win32.PcClient.zl (v) also known as BKDR_PCCLIE.SMA, Win32:PcClient-ZE [Trj], Trojan.Backdoor.
Malware Analysis of Backdoor.Win32.PcClient.zl (v) – RGMXTGC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\F429AA47-BE62-4AFA-B9F5-F8FB38F5715F
  %SYSDIR%\RGMXTGC.DLL
Detected by UnHackMe: RGMXTGC.DLL
Default location: %SYSDIR%\RGMXTGC.DLL
Dropper hash (md5): 025c2195a2e28d89fe8f543aaae21cb5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Backdoor.Win32.Dokstormac

Backdoor.Win32.Dokstormac also known as DR/Delphi.A.3295, Trojan.Generic, Trojan/Injector.bulg.
Malware Analysis of Backdoor.Win32.Dokstormac – 2923.EXE
Created files:
  %LOCAL APPDATA%\MICROSOFT\WINDOWS\WER\REPORTARCHIVE\APPCRASH_FIREFOX.EXE_32BB5FC8E332D945A08D7C15EFC4EA816A04B1_0954F161\REPORT.WER
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\0FF32117-2CA9-41A2-B73D-C2746A200271
  %APPDATA%\SPFS\2923.EXE
  %APPDATA%\SPFS\3024.EXE
  %APPDATA%\SPFS\CPM.DLL
Detected by UnHackMe: 2923.EXE
Default location: %APPDATA%\SPFS\2923.EXE
Dropper hash (md5): 240600688420b304b01e291f54afa506
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Backdoor ( 04c4bbee1 )

Backdoor ( 04c4bbee1 ) also known as Gen:Variant.Graftor.22170, Trojan-Downloader.Win32.Agent.cgrr, Win32:Agent-AEIX [Trj].
Malware Analysis of Backdoor ( 04c4bbee1 ) – 04AE73AA9FDDDC6C53F5BD6F3B67302B.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\4469F26B-764A-4176-9EF5-D47F78F576FD
  %SYSDIR%\04AE73AA9FDDDC6C53F5BD6F3B67302B.EXE
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\REMOTESTORAGE\IMAGEPATH: “%SYSDIR%\04AE73AA9FDDDC6C53F5BD6F3B67302B.EXE”
  HKLM\System\CurrentControlSet\services\RemoteStorage\DisplayName: “Windows Accounts Driver”
Detected by UnHackMe: 04AE73AA9FDDDC6C53F5BD6F3B67302B.EXE
Default location: %SYSDIR%\04AE73AA9FDDDC6C53F5BD6F3B67302B.EXE
Dropper hash (md5): 04ae73aa9fdddc6c53f5bd6f3b67302b
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…

Backdoor.W32.VB.lgj3

Backdoor.W32.VB.lgj3 also known as Generic.Keylogger.F045BA0C, TScope.Trojan.VB, TrojWare.Win32.Spy.VB.NBU.
Malware Analysis of Backdoor.W32.VB.lgj3 – TYPE32.EXE
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\69B259F9-E08E-4590-8442-343261DDC66C
  %SYSDIR%\MSWINSCK.OCX
  %SYSDIR%\OPTRVES.DLL
  %SYSDIR%\TYPE32.EXE
Autostart registry keys:
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\CLASSES\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\INPROCSERVER32\: “%SYSDIR%\MSWINSCK.OCX”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\GCSERV: “%SYSDIR%\TYPE32.EXE”
Detected by UnHackMe: TYPE32.EXE
Default location: %SYSDIR%\TYPE32.EXE
Dropper hash (md5): 018b3c5f31905d7a6dadb36b5e7a7a56
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

BackDoor-CCT.dll

BackDoor-CCT.dll also known as Gen:Variant.Buzy.248, Trojan ( 0000f63b1 ), Gen:Variant.Buzy.248.
Malware Analysis of BackDoor-CCT.dll – BQJEJC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\8407652C-E45A-4A42-AF80-5D6595EA9EA4
  %SYSTEMDRIVE%\RECYCLER\ITSS.EXE
  %Program Files Common%\bqjejc.dll
  %Program Files Common%\TabIt.exe
  %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK
Detected by UnHackMe: BQJEJC.DLL
Default location: %PROGRAM FILES COMMON%\BQJEJC.DLL
Dropper hash (md5): 0105334ddb81846da2a15ec96a25b4d5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

Backdoor.Win32.Nbdd.61440

Backdoor.Win32.Nbdd.61440 also known as Backdoor:Win32/PcClient.ZL, Backdoor/Agent.akfg, Backdoor.PcClient.TFU.
Malware Analysis of Backdoor.Win32.Nbdd.61440 – RGMXTGC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\F429AA47-BE62-4AFA-B9F5-F8FB38F5715F
  %SYSDIR%\RGMXTGC.DLL
Detected by UnHackMe: RGMXTGC.DLL
Default location: %SYSDIR%\RGMXTGC.DLL
Dropper hash (md5): 025c2195a2e28d89fe8f543aaae21cb5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

BackDoor.Generic12.AVTW

BackDoor.Generic12.AVTW also known as TrojWare.Win32.Agent.PDSB, Backdoor/W32.Agent.61952.P, Backdoor.Win32.PcClient.zl (v).
Malware Analysis of BackDoor.Generic12.AVTW – RGMXTGC.DLL
Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\F429AA47-BE62-4AFA-B9F5-F8FB38F5715F
  %SYSDIR%\RGMXTGC.DLL
Detected by UnHackMe: RGMXTGC.DLL
Default location: %SYSDIR%\RGMXTGC.DLL
Dropper hash (md5): 025c2195a2e28d89fe8f543aaae21cb5
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…
