Category Archives: Spyware

Spyware.Perfect!sd6

Also known as: Trojan/JmGenGeneric.oh, Trojan.Perflog-36.
Malware analysis of Spyware.Perfect!sd6 (SVCHOOS.EXE)
Created files:
  %SysDir%\inst.dat
  %SysDir%\pk.bin
  %SysDir%\svchoos.exe
  %SysDir%\svchooshk.dll
  %SysDir%\svchoosr.exe
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\: %SysDir%\svchooswb.dll
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Note: the three Google Chrome entries above are Chrome's own installer registrations (its delegate_execute COM server, its Active Setup component and its uninstall string). They recur unchanged, with the same Chrome build, under unrelated samples throughout this archive, so they are artefacts of the analysis image rather than persistence created by the malware. The indicators that matter for this sample are the svchoos* files and the {1E1B2879-...} InprocServer32 entry that loads svchooswb.dll.
Detected by UnHackMe: SVCHOOS.EXE
Default location: %SYSDIR%\SVCHOOS.EXE
Dropper hash (MD5): 6a446b6a77d04091cb505f677568b17d…

Spyware.Perfect

Also known as: Trojan.Perflog-36, Trojan-Spy.PerfKey.c, DR/Perflogger.AH.
Malware analysis of Spyware.Perfect (SVCHOOS.EXE)
Created files:
  %SysDir%\inst.dat
  %SysDir%\pk.bin
  %SysDir%\svchoos.exe
  %SysDir%\svchooshk.dll
  %SysDir%\svchoosr.exe
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\: %SysDir%\svchooswb.dll
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Detected by UnHackMe: SVCHOOS.EXE
Default location: %SYSDIR%\SVCHOOS.EXE
Dropper hash (MD5): …

Spyware.Gen

Also known as: TrojWare.Win32.Spy.PerfKey.NAA, malicious, Generic.Perfloger.80ACE920.
Malware analysis of Spyware.Gen (SVCHOOSHK.DLL)
Created files:
  %SysDir%\pk.bin
  %SysDir%\svchoos.exe
  %SysDir%\svchooshk.dll
  %SysDir%\svchoosr.exe
  %SysDir%\svchooswb.dll
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\: %SysDir%\svchooswb.dll
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Detected by UnHackMe: SVCHOOSHK.DLL
Default location: %SYSDIR%\SVCHOOSHK.DLL
Dropper hash (MD5): …

Spyware ( 003c66c71 )

Also known as: Trojan[Dropper]/Win32.Injector, TrojanDropper.Injector, Gen:Variant.Graftor.106695.
Malware analysis of Spyware ( 003c66c71 ) (WTMPS.EXE)
Created files:
  %Temp%\tmp4.tmp
  %Temp%\tmp6.tmp
  %Temp%\wtmps.exe
  %Program Files%\Google\Chrome\Application\46.0.2490.86\46.0.2490.86.manifest
  %Program Files%\Google\Chrome\Application\46.0.2490.86\chrome.dll
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Detected by UnHackMe: …

Spyware.Ardamax.484864[h]

Also known as: PE:Trojan.Win32.Generic.12828CF1!310545649, Program.Ardamax, TROJ_GEN.R0CBC0EA215.
Malware analysis of Spyware.Ardamax.484864[h] (VECS.EXE)
Created files:
  %SysDir%\28463\VECS.009.tmp
  %SysDir%\28463\VECS.chm
  %SysDir%\28463\VECS.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VECS Agent: %SysDir%\28463\VECS.exe
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Detected by UnHackMe: VECS.EXE
Default location: %SYSDIR%\28463\VECS.EXE
Dropper hash (MD5): 6a762deb162375245b6792f8638299b0…

Spyware ( 0000ac651 )

Also known as: Infostealer.Bancos!gen, TrojanSpy:Win32/Bancos.gen!A, TrojWare.Win32.Spy.Banker.Gen.
Malware analysis of Spyware ( 0000ac651 ) (SYSTEMINI.EXE)
Created files:
  %Program Files%\Google\Chrome\Application\46.0.2490.86\widevinecdmadapter.dll
  %Program Files%\Google\Chrome\Application\46.0.2490.86\xinput1_3.dll
  %SysDir%\systemIni.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSystemLocal: %SysDir%\systemIni.exe
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Detected by UnHackMe: …

Win32:Spyware-gen [Spy]

Also known as: Generic.Ranky.C4F5A53A, Win-Trojan/Ranky.46017.B, Trojan-Proxy.Win32.Ranky.gen.
Malware analysis of Win32:Spyware-gen [Spy] (MSLL32.EXE)
Created files:
  %SysDir%\MSLL32.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msll: %SysDir%\MSLL32.exe
Detected by UnHackMe: MSLL32.EXE
Default location: %SYSDIR%\MSLL32.EXE
Dropper hash (MD5): 6a949d587820218eca62aa635ad227d9
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Spyware/Win32.CuteQQ

Also known as: W32.QvodSetupQKBQ.Fam.Trojan, Trojan.Agent!IOHduXqsOPs, Trojan.Agent.AOMW.
Malware analysis of Spyware/Win32.CuteQQ (QQQSSQ~1.EXE)
Created files:
  %SysDir%\system.exe
  %Temp%\2.tmp
  %Temp%\IXP000.TMP\QQQSSQ~1.EXE
  %Temp%\IXP000.TMP\QvodSetupPlus.exe
  %Temp%\nsb4.tmp
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\system: %SysDir%\system.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %SysDir%\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
Note: the %Temp%\IXP000.TMP directory and the wextract_cleanup0 RunOnce value are written by the Windows IExpress self-extractor (wextract.exe), which unpacks the package there and schedules the directory for deletion at next logon; the dropper is therefore an IExpress bundle that carries QQQSSQ~1.EXE alongside a Qvod setup program. The Run\system entry pointing at %SysDir%\system.exe is the persistence that survives.
Detected by UnHackMe: QQQSSQ~1.EXE
Default location: %TEMP%\IXP000.TMP\QQQSSQ~1.EXE
Dropper hash (MD5): 6a1e0a0ff1755db2bddfdacf57338a76

Win-Spyware/CuteQQ.152968.B

Also known as: Trojan.Win32.Agent.abzlz, Win32.Trojan.Agent.5KCY7W.
Malware analysis of Win-Spyware/CuteQQ.152968.B (QVODSETUP3.5.EXE_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.EXE)
Created files:
  %Temp%\nsf3.tmp\System.dll
  %Program Files%\Me application\log.txt
  %Program Files%\Me application\QvodSetup3.5.exe_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.exe
Note: %Temp%\ns*.tmp\System.dll is the System plug-in that NSIS installers extract at run time, so this dropper is an NSIS package. No autostart entry was recorded for this sample.
Detected by UnHackMe: QVODSETUP3.5.EXE_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.EXE
Default location: %PROGRAM FILES%\ME APPLICATION\QVODSETUP3.5.EXE_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.EXE
Dropper hash (MD5): 4eec3c48a827ba90c1fb253feea7da80

Spyware ( 0040f2501 )

Also known as: Backdoor.Simda.B14, Dropper.Demp.Win32.93, Gen:Variant.Kazy.61998.
Malware analysis of Spyware ( 0040f2501 ) (GJJJTU.EXE)
Created files:
  %Temp%\1.tmp
  %WinDir%\AppPatch\gjjjtu.exe
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\userinit: %WinDir%\apppatch\gjjjtu.exe
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %SysDir%\userinit.exe,%WinDir%\apppatch\gjjjtu.exe,
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%\apppatch\gjjjtu.exe
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: %WinDir%\apppatch\gjjjtu.exe
Note: Winlogon\Userinit is a comma-separated list of programs Winlogon starts at logon. The sample keeps the legitimate %SysDir%\userinit.exe as the first entry and appends itself, so a check that only confirms userinit.exe is still present will miss the hijack; the value must be compared against exactly "userinit.exe," with nothing appended. The HKCU ...\Windows\load and ...\Windows\run values are the registry successors of the win.ini [windows] load= and run= lines and are still honoured at logon, which is why the same path appears under four different keys.
Detected by UnHackMe: GJJJTU.EXE
Default location: %WinDir%\APPPATCH\GJJJTU.EXE
Dropper hash (MD5): 056359ef8c0c452a56b124b24925f2cc

PE:Spyware.Shiz!6.2E0 [F]

Also known as: Backdoor.Bot, HEUR:Trojan.Win32.Generic, Win32.MalOb.
Malware analysis of PE:Spyware.Shiz!6.2E0 [F] (GJJJTU.EXE)
Created files:
  %Temp%\1.tmp
  %WinDir%\AppPatch\gjjjtu.exe
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\userinit: %WinDir%\apppatch\gjjjtu.exe
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %SysDir%\userinit.exe,%WinDir%\apppatch\gjjjtu.exe,
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%\apppatch\gjjjtu.exe
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: %WinDir%\apppatch\gjjjtu.exe
Detected by UnHackMe: GJJJTU.EXE
Default location: %WinDir%\APPPATCH\GJJJTU.EXE
Dropper hash (MD5): 056359ef8c0c452a56b124b24925f2cc

Spyware[Server-Proxy:not-a-virus]/Win32.Sock4Proxy

Also known as: Gen:Trojan.Heur.PT.eGW@bKMc!9kc, W32/Tool.ILMP-6533, Backdoor/W32.MondayLot.72704.
Malware analysis of Spyware[Server-Proxy:not-a-virus]/Win32.Sock4Proxy (WINXCFG.EXE)
Created files:
  %SysDir%\macromd\trio having hardcore fucking fun.mpg.pif
  %SysDir%\macromd\yahoo hacker.exe
  %SysDir%\winxcfg.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe: %SysDir%\winxcfg.exe
Note: the bait files in %SysDir%\macromd use a double extension. A .pif file is executed by Windows like a program, and Explorer hides the .pif suffix even when extensions are shown, so "....mpg.pif" is an executable dressed up as a video for spreading over file-sharing and messaging.
Detected by UnHackMe: WINXCFG.EXE
Default location: %SYSDIR%\WINXCFG.EXE
Dropper hash (MD5): 5e78108f94e61aa9e2920a3a9d1440d5

PE:Spyware.CardSpy!1.A1A8 [F]

Also known as: Trojan.Generic.10123405, Generic_r.DFV, Trojan/Wecod.pk.
Malware analysis of PE:Spyware.CardSpy!1.A1A8 [F] (JUORG.EXE)
Created files:
  %Temp%\golfinfo.ini
  %Temp%\ICACHE-04044202.tmp
  %Temp%\ILIST-00000000.tmp
  %Temp%\juorg.exe
  %SysDir%\pozuy.exe
Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: %SysDir%\pozuy.exe
Detected by UnHackMe: JUORG.EXE
Default location: %TEMP%\JUORG.EXE
Dropper hash (MD5): 071604b2a68d9e2e22d388dbf58ae020

Spyware ( 0048c72d1 )

Also known as: Backdoor.Trojan, Trojan.Win32.Generic.cudmyk, W32/CardSpy.NAF!tr.
Malware analysis of Spyware ( 0048c72d1 ) (JUORG.EXE)
Created files:
  %Temp%\golfinfo.ini
  %Temp%\ICACHE-04044202.tmp
  %Temp%\ILIST-00000000.tmp
  %Temp%\juorg.exe
  %SysDir%\pozuy.exe
Autostart registry keys:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: %SysDir%\pozuy.exe
Detected by UnHackMe: JUORG.EXE
Default location: %TEMP%\JUORG.EXE
Dropper hash (MD5): 071604b2a68d9e2e22d388dbf58ae020

Spyware ( 0040f2501 )

Also known as: BehavesLike.Win32.Dropper.dc, Backdoor.Shiz!PXcuIRuw9LQ, W32/Shiz.WOAD-7507.
Malware analysis of Spyware ( 0040f2501 ) (WTSJNOE.EXE)
Created files:
  %Temp%\84.tmp
  %Temp%\85.tmp
  %WinDir%\AppPatch\wtsjnoe.exe
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\userinit: %WinDir%\apppatch\wtsjnoe.exe
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %SysDir%\userinit.exe,%WinDir%\apppatch\wtsjnoe.exe,
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%\apppatch\wtsjnoe.exe
  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run: %WinDir%\apppatch\wtsjnoe.exe
Detected by UnHackMe: WTSJNOE.EXE
Default location: %WinDir%\APPPATCH\WTSJNOE.EXE
Dropper hash (MD5): 4f3c85ebf4c12c761c42e068a549f860
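
The autostart entries in the Shiz/Simda write-ups above (a Run value, the HKCU ...\Windows\load and \run values, and a Winlogon\Userinit value with the malware appended after the real userinit.exe) are the sort of indicators you check by diffing a host's autostart inventory against the list. The Python below is an added example, not code from this page or from UnHackMe. It expands the archive's %SysDir%, %WinDir% and %Appdata% placeholders to concrete paths (the drive layout and the "victim" profile name are assumptions), matches a handful of the Run and load entries listed on this page against a constructed Autoruns-style CSV (the column names follow what autorunsc -c writes; the rows are made up), reports any Userinit value that contains more than the real userinit.exe, and discards the Google Chrome installer registrations that recur under nearly every sample here as analysis-image noise.

```python
"""Added example (not from the page or UnHackMe): match the autostart indicators
listed in this archive against an Autoruns-style CSV export."""
import csv
import io
import re

# The archive's path placeholders, mapped to concrete locations for one 32-bit
# Windows image. Assumption: change these to match the host being checked.
PLACEHOLDERS = {
    "%Program Files Common%": r"C:\Program Files\Common Files",
    "%Program Files%": r"C:\Program Files",
    "%SysDir%": r"C:\Windows\System32",
    "%WinDir%": r"C:\Windows",
    "%Temp%": r"C:\Users\victim\AppData\Local\Temp",
    "%Appdata%": r"C:\Users\victim\AppData\Roaming",
    "%Profile%": r"C:\Users\victim",
}


def expand(path: str) -> str:
    """Expand %Placeholder% tokens and lower-case for case-insensitive comparison."""
    for token, real in PLACEHOLDERS.items():
        path = path.replace(token, real)
    return path.strip('"').lower()


# Registry value -> image path, copied from entries on this page.
IOCS = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msll": r"%SysDir%\MSLL32.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VECS Agent": r"%SysDir%\28463\VECS.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\userinit": r"%WinDir%\apppatch\gjjjtu.exe",
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load": r"%WinDir%\apppatch\gjjjtu.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\okhe.exe": r"%Appdata%\Bebop\okhe.exe",
}
IOC_INDEX = {key.lower(): expand(image) for key, image in IOCS.items()}

# Chrome's own installer registrations (delegate_execute.exe, chrmstp.exe, setup.exe)
# sit under every sample in the archive because Chrome was on the analysis image.
# They are environment noise, so they are skipped rather than reported.
CHROME_NOISE = re.compile(r"\\google\\chrome\\application\\", re.IGNORECASE)

# Userinit is hijacked by appending to a legitimate value, not by adding a new one,
# so it needs a check of its own: anything besides the real userinit.exe is suspect.
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_extras(launch_string: str) -> list:
    """Return every entry of a Winlogon\\Userinit value other than the real userinit.exe."""
    entries = [e.strip().strip('"').lower() for e in launch_string.split(",")]
    return [e for e in entries if e and e != LEGIT_USERINIT]


def scan(autoruns_csv: str) -> list:
    """Return (kind, registry value, image) findings for an Autoruns-style CSV export."""
    findings = []
    for row in csv.DictReader(io.StringIO(autoruns_csv)):
        value = f'{row["Entry Location"]}\\{row["Entry"]}'.lower()
        image = row["Image Path"].lower()
        if CHROME_NOISE.search(image):
            continue
        if value.endswith(r"\winlogon\userinit"):
            for extra in userinit_extras(row["Launch String"]):
                findings.append(("userinit-hijack", value, extra))
            continue
        if IOC_INDEX.get(value) == image:
            findings.append(("known-ioc", value, image))
    return findings


# Constructed sample rows, using a subset of the column names Autoruns writes with -c.
SAMPLE_AUTORUNS_CSV = r"""Entry Location,Entry,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,msll,C:\Windows\System32\MSLL32.exe,C:\Windows\System32\MSLL32.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Userinit,C:\Windows\system32\userinit.exe,"C:\Windows\system32\userinit.exe,C:\Windows\apppatch\wtsjnoe.exe,"
HKLM\Software\Microsoft\Active Setup\Installed Components,{8A69D345-D564-463c-AFF1-A69D9E530F96},C:\Program Files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe,C:\Program Files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe --configure-user-settings
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Program Files\Windows Defender\MSASCuiL.exe,C:\Program Files\Windows Defender\MSASCuiL.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows,load,C:\Windows\apppatch\gjjjtu.exe,C:\Windows\apppatch\gjjjtu.exe
"""

if __name__ == "__main__":
    for kind, value, image in scan(SAMPLE_AUTORUNS_CSV):
        print(f"{kind:16} {value} -> {image}")
```

On a real host, feed scan() the output of `autorunsc -a * -c` and extend IOCS from the other entries on this page; the Userinit check is worth keeping even with an empty IOC table, since it does not depend on knowing the malware's file name.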

Spyware/Win32.SpyEyes

Also known as: Trojan.Ransom.BC, W32/PackedJkXtoobr.B!tr.
Malware analysis of Spyware/Win32.SpyEyes (376813896.EXE)
Created files:
  %Temp%\~DF4F37.tmp
  %Profile%\376813896.exe
  %Profile%\r
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\376813896: %Profile%\376813896.exe
Detected by UnHackMe: 376813896.EXE
Default location: %PROFILE%\376813896.EXE
Dropper hash (MD5): 051fb22a35f04f1b8eba7a1e3f94e678

Spyware ( 0042b08b1 )

Also known as: DeepScan:Generic.Malware.SP!YdPk!.17FB44A7, Trojan-Downloader.Win32.Agent (A).
Malware analysis of Spyware ( 0042b08b1 ) (ENTENG.EXE)
Created files:
  %Program Files Common%\msbuildnt32\enteng.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\: msbuildnt32 (VML)
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\StubPath: %Program Files Common%\msbuildnt32\enteng.exe /starta
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\ComponentID: msbuildnt32
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\Version: 3,0,214,01
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\Locale: EN
  HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b}\: msbuildnt32…
Note: Active Setup runs each component's StubPath once per user at logon and does not require the subkey name to be a valid GUID; here the names contain the non-hex characters "g" and "r", which no real installer would produce. A malformed GUID under Installed Components is therefore a useful hunting signal on its own, independent of the msbuildnt32 name.

Spyware[Server-Proxy:not-a-virus]/Win32.Sock4Proxy

Also known as: Trojan ( 00002cfa1 ), BehavesLike.Win32.Malware.ssc (mx-v).
Malware analysis of Spyware[Server-Proxy:not-a-virus]/Win32.Sock4Proxy (WINXCFG.EXE)
Created files:
  %SysDir%\macromd\slutty japanese babe giving blowjob.mpg.pif
  %SysDir%\macromd\two studs gangbanging a hot little sluts holes.mpg.pif
  %SysDir%\winxcfg.exe
Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe: %SysDir%\winxcfg.exe
Detected by UnHackMe: WINXCFG.EXE
Default location: %SYSDIR%\WINXCFG.EXE
Dropper hash (MD5): 000a3d39f5802cb1b57b3bd7dce35d6c

Spyware.ErrorSafe.R[h]

Also known as: Adware.ErrorSafe.F, ErrorSafe, Application/Winfixer2005.
Malware analysis of Spyware.ErrorSafe.R[h] (FLFXR15.DLL)
Created files:
  %Program Files%\ErrorSafe Free\ESSPChck.dll
  %Program Files%\ErrorSafe Free\flash.ini
  %Program Files%\ErrorSafe Free\FlFxr15.dll
  %Program Files%\ErrorSafe Free\FRec.dll
  %Program Files%\ErrorSafe Free\FWraper.dll
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{06170642-FA65-4FB6-AC79-5F235CB99BC2}\InProcServer32\: %Program Files%\ErrorSafe Free\FxCore.dll
  HKLM\Software\Classes\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F}\InprocServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{647B8364-79E0-48e2-A4CA-233ABADA0C2D}\InprocServer32\: %Program Files%\ErrorSafe Free\ESSPChck.dll
  HKLM\Software\Classes\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D}\InprocServer32\: %Program Files%\ErrorSafe Free\FWraper.dll
  HKLM\Software\Classes\CLSID\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2}\InProcServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0}\InprocServer32\: %Program…

Spyware.ErrorSafe.R

Also known as: Riskware/WinFixer, Adware.ErrorSafe, Adware.Errorsafe.K.
Malware analysis of Spyware.ErrorSafe.R (EMTERSF.EXE)
Created files:
  %Program Files%\ErrorSafe Free\bnlink.dat
  %Program Files%\ErrorSafe Free\DataBase.sav
  %Program Files%\ErrorSafe Free\EmtERSF.exe
  %Program Files%\ErrorSafe Free\ESSPChck.dll
  %Program Files%\ErrorSafe Free\flash.ini
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{06170642-FA65-4FB6-AC79-5F235CB99BC2}\InProcServer32\: %Program Files%\ErrorSafe Free\FxCore.dll
  HKLM\Software\Classes\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F}\InprocServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{647B8364-79E0-48e2-A4CA-233ABADA0C2D}\InprocServer32\: %Program Files%\ErrorSafe Free\ESSPChck.dll
  HKLM\Software\Classes\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D}\InprocServer32\: %Program Files%\ErrorSafe Free\FWraper.dll
  HKLM\Software\Classes\CLSID\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2}\InProcServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0}\InprocServer32\: %Program…

High Risk Spyware

Also known as: Trojan.Win32.Generic!BT, TrojWare.Win32.TrojanDownloader.VB.~KE, Trojan-Downloader.Win32.VB.iri.
Malware analysis of High Risk Spyware (NVC.EXE)
Created files:
  %Appdata%\Microsoft\2048
  %Appdata%\Microsoft\Desktop.ini
  %Appdata%\Microsoft\nvc.exe
  %Appdata%\Desktop.ini
  %Temp%\~DFB66B.tmp
Autostart registry keys:
  HKLM\Software\Classes\.Msd\Shell\Open\Command\: %1
  HKLM\Software\Classes\.sysm\Shell\Open\Command\: %1
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VisualStyle: c:\windows\system32\Desktop.sysm
  HKLM\Software\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32\: "%Program Files%\Google\Chrome\Application\46.0.2490.80\delegate_execute.exe"
  HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: "%Program Files%\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: "%Program Files%\Google\Chrome\Application\46.0.2490.80\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Note: the Run\VisualStyle value does not name an .exe. It points at Desktop.sysm, and the sample registers the .sysm and .Msd extensions so that the shell's Open command for them executes the file itself (%1). Autostart reviews that only look for executable extensions in Run values will miss this; check the Shell\Open\Command registrations for any unusual extension a Run entry refers to.
Detected by UnHackMe: …

RogueAntiSpyware.ErrorSafe!rem

Also known as: Adware.Generic.18929, ErrorSafe, Generic.Win32.Malware.WinFixer.
Malware analysis of RogueAntiSpyware.ErrorSafe!rem (FREC.DLL)
Created files:
  %Program Files%\ErrorSafe Free\flash.ini
  %Program Files%\ErrorSafe Free\FlFxr15.dll
  %Program Files%\ErrorSafe Free\FRec.dll
  %Program Files%\ErrorSafe Free\FWraper.dll
  %Program Files%\ErrorSafe Free\FxCore.dll
Autostart registry keys:
  HKLM\Software\Classes\CLSID\{06170642-FA65-4FB6-AC79-5F235CB99BC2}\InProcServer32\: %Program Files%\ErrorSafe Free\FxCore.dll
  HKLM\Software\Classes\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F}\InprocServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{647B8364-79E0-48e2-A4CA-233ABADA0C2D}\InprocServer32\: %Program Files%\ErrorSafe Free\ESSPChck.dll
  HKLM\Software\Classes\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D}\InprocServer32\: %Program Files%\ErrorSafe Free\FWraper.dll
  HKLM\Software\Classes\CLSID\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2}\InProcServer32\: %Program Files%\ErrorSafe Free\MMFx.dll
  HKLM\Software\Classes\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0}\InprocServer32\: %Program…

FakeAlert-SpywareGuard.gen.b

Also known as: Trojan.Win32.Alureon.jaa (v), Trojan.Packed.365, W32/Troj_Obfusc.G.gen!Eldorado.
Malware analysis of FakeAlert-SpywareGuard.gen.b (KDFWY.EXE)
Created files:
  %SysDir%\kdfwy.exe
Detected by UnHackMe: KDFWY.EXE
Default location: %SYSDIR%\KDFWY.EXE
Dropper hash (MD5): 2cc67af257132340cc38ca632e092728

PE:Spyware.Zbot!6.270C[F1]

Also known as: Trojan.Agent/Gen-MalPE, W32.UsticosLTAZ.Trojan, Trojan.Zbot.Win32.188098.
Malware analysis of PE:Spyware.Zbot!6.270C[F1] (OKHE.EXE)
Created files:
  %Appdata%\Bebop\okhe.exe
  %Local Appdata%\Identities\{FD9F837C-5851-47A2-A9B3-B6680CCE76B7}\Microsoft\Outlook Express\Sent Items.dbx
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\okhe.exe: "%Appdata%\Bebop\okhe.exe"
Detected by UnHackMe: OKHE.EXE
Default location: %APPDATA%\BEBOP\OKHE.EXE
Dropper hash (MD5): 1506ae9c9b546175485f196d75f419ad

Spyware ( 0049b8aa1 )

Also known as: Trojan.Agent.BKRZ (B), Trojan-Spy.Zbot, Trojan.Win32.Zbot.n (v).
Malware analysis of Spyware ( 0049b8aa1 ) (OKHE.EXE)
Created files:
  %Appdata%\Bebop\okhe.exe
  %Local Appdata%\Identities\{FD9F837C-5851-47A2-A9B3-B6680CCE76B7}\Microsoft\Outlook Express\Sent Items.dbx
Autostart registry keys:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\okhe.exe: "%Appdata%\Bebop\okhe.exe"
Detected by UnHackMe: OKHE.EXE
Default location: %APPDATA%\BEBOP\OKHE.EXE
Dropper hash (MD5): 1506ae9c9b546175485f196d75f419ad
