Category Archives: Spyware

Spyware/Win32.Zbot.R71682

Spyware/Win32.Zbot.R71682 also known as Win32.Trojan.WisdomEyes.151026.9950.9999, Trj/Genetic.gen, Packed.Generic.402. Malware Analysis of Spyware/Win32.Zbot.R71682 – EHELS.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\TMP.EDB %TEMP%\PPCRLUI_4000_2 %APPDATA%\URJAD\EHELS.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\EHELS: “%APPDATA%\URJAD\EHELS.EXE” Detected by UnHackMe: EHELS.EXE DEFAULT LOCATION: %APPDATA%\URJAD\EHELS.EXE Dropper hash(md5): c7bdd1334c20cd73e23a8be62f44c3a0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Spyware.PSW.WOW.148992.B

Spyware.PSW.WOW.148992.B also known as Trojan.WOW.GHS, Trojan-GameThief.Win32.WOW.oww, W32/DelpDldr.B. Malware Analysis of Spyware.PSW.WOW.148992.B – KERNEL64.EXE Created files: %SYSDIR%\KERNEL64.EXE %WINDIR%\TEMP\KNO6BE4.TMP %WINDIR%\MFC64.EXE Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KERNEL64\IMAGEPATH: “%SYSDIR%\KERNEL64.EXE” HKLM\System\CurrentControlSet\services\kernel64\DisplayName: “kernel64” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MFC64\IMAGEPATH: “%WINDIR%\MFC64.EXE” HKLM\System\CurrentControlSet\services\mfc64\DisplayName: “mfc64” Detected by UnHackMe: KERNEL64.EXE Default location: %SYSDIR%\KERNEL64.EXE Dropper hash(md5): 39ca6d8798df95a7ad94d1ae70f3d70e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Win.Spyware.49351-2

Win.Spyware.49351-2 also known as Win32:Susn-K [Trj], Win32/Treemz.AH, Trojan.PWS.OnlineGames.ZAY. Malware Analysis of Win.Spyware.49351-2 – CAOTXBK.EXE Created files: %SYSDIR%\CAOTXB.DLL %SYSDIR%\CAOTXBK.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “caotxb.dll” Detected by UnHackMe: CAOTXBK.EXE Default location: %SYSDIR%\CAOTXBK.EXE Dropper hash(md5): aab19347ddc585cb650eb37e53063343 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Spyware ( 004b95a91 )

Spyware ( 004b95a91 ) also known as Gen:Trojan.Heur.oibkrH0zZ3iiy, Win32:Dropper-NMM [Drp], Win32.Rootkit.Agent.s. Malware Analysis of Spyware ( 004b95a91 ) – NIENF.EXE Created files: %TEMP%\GOLFINFO.INI %TEMP%\NIENF.EXE %TEMP%\WIZIA.EXE Detected by UnHackMe: NIENF.EXE DEFAULT LOCATION: %TEMP%\NIENF.EXE Dropper hash(md5): c7b19f8250b70ae5bd46590749bf9660 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

RogueAntiSpyware.SecurityEssentialFraud!rem

RogueAntiSpyware.SecurityEssentialFraud!rem also known as Generic Trojan, Trojan.FakeAlert, SecurityEssentialFraud. Malware Analysis of RogueAntiSpyware.SecurityEssentialFraud!rem – JH.EXE Created files: %TEMP%\JH.EXE %TEMP%\OPA %APPDATA%\ASDFASFAS.BAT %APPDATA%\PALLADIUM.EXE %APPDATA%\UID_PAL Detected by UnHackMe: JH.EXE DEFAULT LOCATION: %TEMP%\JH.EXE Dropper hash(md5): c114517779d4eed078efcef29eb698f1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Spyware.KL.Delf!1.6558

Spyware.KL.Delf!1.6558 also known as Trojan.Win32.A.PSW-Lmir.68836[UPX][h], Trojan.PWS.Legmir.340, TrojanGameThief.Lmir.r3. Malware Analysis of Spyware.KL.Delf!1.6558 – IKYKY.DLL Created files: %SYSDIR%\IKYKY.DLL %SYSTEMDRIVE%\FILEDEBUG Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{8BAA7594-70F6-4895-BA1C-778C33327E83}\INPROCSERVER32\: “%SYSDIR%\IKYKY.DLL” Detected by UnHackMe: IKYKY.DLL Default location: %SYSDIR%\IKYKY.DLL Dropper hash(md5): 5e1b97e999a7f1a8cf50a24d58432dd5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Win.Spyware.DeskAd-4

Win.Spyware.DeskAd-4 also known as Adware.WinTaskAd, Application.Win32.Adware.WUpd, Win32/Adware.WUpd. Malware Analysis of Win.Spyware.DeskAd-4 – DESKADCOMM.DLL Created files: %Program Files%\DeskAd Service\DeskAdComm.dll %Program Files%\DeskAd Service\DeskAdKeep.exe %Program Files%\DeskAd Service\DeskAdServ.exe %Program Files%\DeskAd Service\Info.txt %SYSDIR%\IDE21201.VXD Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\DeskAd Service: “%Program Files%\DeskAd Service\DeskAdServ.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DeskAd Service\UninstallString: “%Program Files%\DeskAd Service\DeskAdServ.exe /Remove” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DeskAd Service\DisplayName: “DeskAd Service” Detected by UnHackMe: DESKADCOMM.DLL Default location: %PROGRAM FILES%\DESKAD SERVICE\DESKADCOMM.DLL…

FraudTool.AwolaAntiSpyware.f

FraudTool.AwolaAntiSpyware.f also known as Riskware/AwolaAntiSpyware, Tool.AwolaAntiSpyware.Win32.32. Malware Analysis of FraudTool.AwolaAntiSpyware.f – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Tool.AwolaAntiSpyware.Win32.32

Tool.AwolaAntiSpyware.Win32.32 also known as a variant of Win32/Adware.AwolaAntiSpyware.AB, Trojan.Generic.292601. Malware Analysis of Tool.AwolaAntiSpyware.Win32.32 – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Fraudtool.AwolaAntiSpyware!E6nTIEV/X1s

Fraudtool.AwolaAntiSpyware!E6nTIEV/X1s also known as HEUR/QVM07.1.0000.Malware.Gen, Riskware.Win32.AwolaAntiSpyware.bblxj, Trojan.Generic.292601 (B). Malware Analysis of Fraudtool.AwolaAntiSpyware!E6nTIEV/X1s – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Riskware.Win32.AwolaAntiSpyware.bblxj

Riskware.Win32.AwolaAntiSpyware.bblxj also known as Riskware/AwolaAntiSpyware, Adware ( 004db8861 ), Trojan.Win32.FakeAV. Malware Analysis of Riskware.Win32.AwolaAntiSpyware.bblxj – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Riskware/AwolaAntiSpyware

Riskware/AwolaAntiSpyware also known as Adware/IEAntivirus, Trojan.Generic.D476F9, Trojan.Win32.Generic!BT. Malware Analysis of Riskware/AwolaAntiSpyware – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Aplicacion/AwolaAntiSpyware.ayy

Aplicacion/AwolaAntiSpyware.ayy also known as TROJ_FAKEAV.SMAD, HEUR:Trojan.Win32.Generic, Trojan.Generic.292601 (B). Malware Analysis of Aplicacion/AwolaAntiSpyware.ayy – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

PUP.Optional.AwolaAntiSpyware

PUP.Optional.AwolaAntiSpyware also known as Trojan[:HEUR]/Win32.Unknown, Adware ( 004db8861 ). Malware Analysis of PUP.Optional.AwolaAntiSpyware – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

a variant of Win32/Adware.AwolaAntiSpyware.AB

a variant of Win32/Adware.AwolaAntiSpyware.AB also known as HEUR:Trojan.Win32.Generic, Fraudtool.AwolaAntiSpyware!E6nTIEV/X1s. Malware Analysis of a variant of Win32/Adware.AwolaAntiSpyware.AB – AWOLA6.EXE Created files: %START MENU%\PROGRAMS\AWOLA6\AWOLA ANTI-SPYWARE 6.0.LNK %START MENU%\PROGRAMS\AWOLA6\UNINSTALL AWOLA ANTI-SPYWARE 6.0.LNK %APPDATA%\AWOLA6\AWOLA6.EXE %APPDATA%\AWOLA6\SETTINGS.INI Detected by UnHackMe: AWOLA6.EXE DEFAULT LOCATION: %APPDATA%\AWOLA6\AWOLA6.EXE Dropper hash(md5): 005afd55fcdd5f2d600f7c15c8037aaa UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

Win.Spyware.55356-2

Win.Spyware.55356-2 also known as Trojan.OnLineGames.Win32.172322, Win32:Susn-K [Trj], Trojan.Onlinegames.019272. Malware Analysis of Win.Spyware.55356-2 – WOODKENK.EXE Created files: %SYSDIR%\WOODKEN.DLL %SYSDIR%\WOODKENK.EXE Detected by UnHackMe: WOODKENK.EXE Default location: %SYSDIR%\WOODKENK.EXE Dropper hash(md5): 23735c599b469716f47acb0ecdaeff66 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Spyware.QQSpy!1.A2D6

Spyware.QQSpy!1.A2D6 also known as Gen:Win32.ExplorerHijack.gGX@ae6q6Ikb, Mal/Behav-001, Gen:Win32.ExplorerHijack.gGX@ae6q6Ikb. Malware Analysis of Spyware.QQSpy!1.A2D6 – 93QQ.EXE Created files: %WINDIR%\93QQ.EXE %WINDIR%\ABCD123U.TXT Detected by UnHackMe: 93QQ.EXE Default location: %WinDir%\93QQ.EXE Dropper hash(md5): 212a1bd9a1e739eb2279a5ecd9b7d8d0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Spyware.OnlineGames.th

Spyware.OnlineGames.th also known as Password-Stealer ( 0005fc591 ), Mal/RootKit-A, TrojanGameThief.Magania.r5. Malware Analysis of Spyware.OnlineGames.th – B1A18A3E.SYS Created files: %WINDIR%\MINIDUMP\060616-10921-01.DMP %WINDIR%\MINIDUMP\060616-11015-01.DMP %SYSDIR%\B1A18A3E.SYS %WINDIR%\TEMP\WER-25484-0.SYSDATA.XML %WINDIR%\TEMP\WER-25953-0.SYSDATA.XML Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: “%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\B1A18A3E\IMAGEPATH: “\??\%SYSDIR%\B1A18A3E.SYS” HKLM\System\CurrentControlSet\services\b1a18a3e\DisplayName: “b1a18a3e” Detected by UnHackMe: B1A18A3E.SYS Default location: %SYSDIR%\B1A18A3E.SYS Dropper hash(md5): 0eb48cf096cc074fe88586a83ba9511f UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…

Spyware.PSW.Magania.23145.C

Spyware.PSW.Magania.23145.C also known as PWS-OnlineGames.ek, TSPY_LINEAGE.EB. Malware Analysis of Spyware.PSW.Magania.23145.C – GSFMWDWD3.DLL Created files: %WINDIR%\FONTS\QT7F3JMMJRCX.TTF %SYSDIR%\GSFMWDWD3.DLL Detected by UnHackMe: GSFMWDWD3.DLL Default location: %SYSDIR%\GSFMWDWD3.DLL Dropper hash(md5): 387d235635557daf561d6609f55a1efe UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including…

Spyware.Agent.Dr.73728.F

Spyware.Agent.Dr.73728.F also known as 45506, TrojanDownloader:Win32/Troxen!rts, Trojan.DR.Agent!5RkwYzb8mOw. Malware Analysis of Spyware.Agent.Dr.73728.F – MAINCTL.DLL Created files: %SYSDIR%\LEFTPLUG.DLL %SYSDIR%\MAINCTL.DLL %SYSDIR%\MINORCTRL.DLL %SYSDIR%\WEB.INI %SYSDIR%\WMINOTIFY.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{7138527F-430B-45B0-B164-9AA396644263}\INPROCSERVER32\: “%SYSDIR%\LEFTPLUG.DLL” HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify\DllName: “wminotify.dll” Detected by UnHackMe: MAINCTL.DLL Default location: %SYSDIR%\MAINCTL.DLL Dropper hash(md5): 146df887651265af1c3b36d33a0288d3 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Rogue:W32/SpywareGuard2008.H

Rogue:W32/SpywareGuard2008.H also known as Packed.Win32.Katusha.1!O, Trojan.Generic.4325180, Trojan[Packed]/Win32.Katusha. Malware Analysis of Rogue:W32/SpywareGuard2008.H – QEBISYSGUARD.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016052320160530\CONTAINER.DAT %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016060320160604\CONTAINER.DAT %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DGEIEORL: “%LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE” Detected by UnHackMe: QEBISYSGUARD.EXE DEFAULT LOCATION: %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Dropper hash(md5): d703bc46d5b5dca1c3d7055a92839af0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Spyware[Porn-Dialer:not-a-virus]/Win32.AdultBrowser

Spyware[Porn-Dialer:not-a-virus]/Win32.AdultBrowser also known as ApplicUnsaf.Win32.PornDialer.AdultBrowser.~SAA, Trojan.Dialer.drl, Dialer.Adultbrowser.M. Malware Analysis of Spyware[Porn-Dialer:not-a-virus]/Win32.AdultBrowser – CYBEREROTICA.EXE Created files: %TEMP%\WARNING_LOGO.GIF %TEMP%\WARNING_WARNING.GIF %PROFILE%\DESKTOP\CYBEREROTICA.EXE %PROFILE%\DESKTOP\REGRUNLOG.TXT Detected by UnHackMe: CYBEREROTICA.EXE DEFAULT LOCATION: %PROFILE%\DESKTOP\CYBEREROTICA.EXE Dropper hash(md5): e460c214e47d92ac4d3e455569e6e71c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Tool.WinSpywareProtect.Win32.186

Tool.WinSpywareProtect.Win32.186 also known as a variant of Win32/Kryptik.DJE, Trojan.Generic.4325180 (B), Trojan[Packed]/Win32.Katusha. Malware Analysis of Tool.WinSpywareProtect.Win32.186 – QEBISYSGUARD.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016052320160530\CONTAINER.DAT %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016060320160604\CONTAINER.DAT %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DGEIEORL: “%LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE” Detected by UnHackMe: QEBISYSGUARD.EXE DEFAULT LOCATION: %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Dropper hash(md5): d703bc46d5b5dca1c3d7055a92839af0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus…

not-a-virus:FraudTool.Win32.WinSpywareProtect

not-a-virus:FraudTool.Win32.WinSpywareProtect also known as Trojan/Kryptik.bbm, TR/Dldr.FakeAV.qhu. Malware Analysis of not-a-virus:FraudTool.Win32.WinSpywareProtect – QEBISYSGUARD.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016052320160530\CONTAINER.DAT %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016060320160604\CONTAINER.DAT %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DGEIEORL: “%LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE” Detected by UnHackMe: QEBISYSGUARD.EXE DEFAULT LOCATION: %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Dropper hash(md5): d703bc46d5b5dca1c3d7055a92839af0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Fake_AntiSpyware.DYS

Fake_AntiSpyware.DYS also known as TR/Dldr.FakeAV.qhu, Rogue:Win32/Fakeinit, Trojan.Generic.4325180. Malware Analysis of Fake_AntiSpyware.DYS – QEBISYSGUARD.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016052320160530\CONTAINER.DAT %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016060320160604\CONTAINER.DAT %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DGEIEORL: “%LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE” Detected by UnHackMe: QEBISYSGUARD.EXE DEFAULT LOCATION: %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Dropper hash(md5): d703bc46d5b5dca1c3d7055a92839af0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

FraudTool.WinSpywareProtect.d

FraudTool.WinSpywareProtect.d also known as not-a-virus:FraudTool.Win32.WinSpywareProtect, Mal/FakeAV-BT, Trojan.Generic.4325180. Malware Analysis of FraudTool.WinSpywareProtect.d – QEBISYSGUARD.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016052320160530\CONTAINER.DAT %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016060320160604\CONTAINER.DAT %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DGEIEORL: “%LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE” Detected by UnHackMe: QEBISYSGUARD.EXE DEFAULT LOCATION: %LOCAL APPDATA%\JWLFFM\QEBISYSGUARD.EXE Dropper hash(md5): d703bc46d5b5dca1c3d7055a92839af0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Spyware.StartPage.214424

Spyware.StartPage.214424 also known as W32/ExKsWS.A!tr, Trojan. Malware Analysis of Spyware.StartPage.214424 – FACDAVE.EXE Created files: %COMMON APPDATA%\KINGSOFT\KWS\ASE.INI %COMMON APPDATA%\KINGSOFT\KWS\SPITESP.DAT %COMMON APPDATA%\CFEA\FACDAVE.EXE %COMMON APPDATA%\CFEA\KSWBC.DLL %COMMON APPDATA%\CFEA\KSWEBSHIELD.DLL Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DCCTQF8905ZKANTBJ5108UYECFCM6129IQNTEXR9699AZBZXJCU2668ELWLNYXO4003SNJRDXGAE8933NEQHHMRZM6755QAOQIKM0991GCPZRJN5143EDW\IMAGEPATH: “%COMMON APPDATA%\CFEA\FACDAVE.EXE” HKLM\System\CurrentControlSet\services\dcctqf8905Zkantbj5108Uyecfcm6129Iqntexr9699AZbzxjcu2668ELwlnyxo4003SNJrdxgae8933NEQhhmrzm6755Qaoqikm0991Gcpzrjn5143EDW\DisplayName: “?? IDE/ESDI ?????” Detected by UnHackMe: FACDAVE.EXE DEFAULT LOCATION: %COMMON APPDATA%\CFEA\FACDAVE.EXE Dropper hash(md5): e4ef6f9665df08b8c4a9dd205d7c3cbf UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Win.Spyware.Zbot-1282

Win.Spyware.Zbot-1282 also known as Trojan[:HEUR]/Win32.Unknown, Trojan.Kazy.3, BehavesLike.Win32.VBObfus.dt. Malware Analysis of Win.Spyware.Zbot-1282 – EKFA.EXE Created files: %APPDATA%\EDCIU\YKGA.SAU %APPDATA%\EDCIU\YKGA.TMP %APPDATA%\UVEWB\EKFA.EXE Detected by UnHackMe: EKFA.EXE DEFAULT LOCATION: %APPDATA%\UVEWB\EKFA.EXE Dropper hash(md5): fa9bc64e87e8e85b01304bc5ca48c9fb UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Spyware ( 004c0ae31 )

Spyware ( 004c0ae31 ) also known as Trojan[Spy]/Win32.Delf, QVM31.1.Malware.Gen, Trojan.BHORA.01069. Malware Analysis of Spyware ( 004c0ae31 ) – SPZNUD.DLL Created files: %SYSTEMDRIVE%\SAND-BOX\LSM.EXE %SYSDIR%\SPZNUD.DLL %SYSTEMDRIVE%\FILEDEBUG Detected by UnHackMe: SPZNUD.DLL Default location: %SYSDIR%\SPZNUD.DLL Dropper hash(md5): ea7bb29f5366c51a600eb05334bbbe72 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…
