Category Archives: Virus

virus.win32.ramnit.a

virus.win32.ramnit.a also known as Conduit (fs), Conduit (fs), PUA.Conduit!8.122-6a3Y31XoOLS (cloud).

Malware Analysis of virus.win32.ramnit.a – CONDUITENGINE.DLL

Created files:
%Program Files%\Conduit\Community Alerts\Alert.dll
%Program Files%\ConduitEngine\appContextMenu.xml
%Program Files%\ConduitEngine\ConduitEngine.dll
%Program Files%\ConduitEngine\ConduitEngineHelper.exe
%Program Files%\ConduitEngine\ConduitEngineUninstall.exe

Autostart registry keys:
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\DisplayName: "programascom Customized Web Search"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine\DisplayName: "Conduit Engine"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONDUITENGINE\UNINSTALLSTRING: "%SYSTEMDRIVE%\PROGRA~1\CONDUI~1\CONDUITENGINEUNINSTALL.EXE"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\programascom Toolbar\DisplayName: "programascom Toolbar"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PROGRAMASCOM TOOLBAR\UNINSTALLSTRING: "%SYSTEMDRIVE%\PROGRA~1\PROGRA~1\UNINST~1.EXE"
HKLM\Software\conduitEngine\toolbar\DisplayName: "Conduit Engine"
HKLM\Software\programascom\toolbar\DisplayName: "programascom"…

virus.win32.parite.b

virus.win32.parite.b also known as RDN/Generic PUP.x, GrayWare[WebToolbar:not-a-virus]/JS.CroRi.b, malicious_confidence_100% (D).

Malware Analysis of virus.win32.parite.b – OCNPPPEJF.EXE

Created files:
%TEMP%\ILIST-00000000.TMP
%TEMP%\NSPE3F8.TMP\FSOAHWCTA.TMP
%TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
%TEMP%\NSPE3F8.TMP\STDUTILS.DLL
%TEMP%\NSPE3F8.TMP\SYSTEM.DLL

Detected by UnHackMe: OCNPPPEJF.EXE
Default location: %TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
Dropper hash (md5): 50702c8ec17d7153d8d658306d54738b

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

GrayWare[WebToolbar:not-a-virus]/JS.CroRi.b

GrayWare[WebToolbar:not-a-virus]/JS.CroRi.b also known as Crossrider (fs), Unwanted-Program ( 004afadf1 ), Adware.JS.Agent.AB.

Malware Analysis of GrayWare[WebToolbar:not-a-virus]/JS.CroRi.b – OCNPPPEJF.EXE

Created files:
%TEMP%\ILIST-00000000.TMP
%TEMP%\NSPE3F8.TMP\FSOAHWCTA.TMP
%TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
%TEMP%\NSPE3F8.TMP\STDUTILS.DLL
%TEMP%\NSPE3F8.TMP\SYSTEM.DLL

Detected by UnHackMe: OCNPPPEJF.EXE
Default location: %TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
Dropper hash (md5): 50702c8ec17d7153d8d658306d54738b

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

not-a-virus:WebToolbar.JS.CroRi.b

not-a-virus:WebToolbar.JS.CroRi.b also known as ADW_CROSSID, Riskware.VMDetector!, PUP.Optional.CrossRider.

Malware Analysis of not-a-virus:WebToolbar.JS.CroRi.b – OCNPPPEJF.EXE

Created files:
%TEMP%\ILIST-00000000.TMP
%TEMP%\NSPE3F8.TMP\FSOAHWCTA.TMP
%TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
%TEMP%\NSPE3F8.TMP\STDUTILS.DLL
%TEMP%\NSPE3F8.TMP\SYSTEM.DLL

Detected by UnHackMe: OCNPPPEJF.EXE
Default location: %TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE
Dropper hash (md5): 50702c8ec17d7153d8d658306d54738b

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

virus.win32.madang.a

virus.win32.madang.a also known as HEUR/QVM41.1.0000.Malware.Gen, BehavesLike.Win32.Agent.wh.

Malware Analysis of virus.win32.madang.a – FREEPIANO.EXE

Created files:
%TEMP%\SKINH.SHE
%TEMP%\UPDATE.INI
%WINDIR%\FREEPIANO.EXE
%WINDIR%\WNUNINST.INI

Detected by UnHackMe: FREEPIANO.EXE
Default location: %WinDir%\FREEPIANO.EXE
Dropper hash (md5): 325e31dc0cca3249d3e788244cfc2a0c

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Virus/Win32.Parite.N2059474041

Virus/Win32.Parite.N2059474041 also known as Win32.Parite.C, Win32.Parite.C, Virus:Win32/Parite.C.

Malware Analysis of Virus/Win32.Parite.N2059474041 – 338720D011797452F7D8E138D2879603.EXE

Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\338720D011797452F7D8E138D2879603.EXE
%TEMP%\BWADE0B.TMP
%SYSDIR%\KKWGKS.EXE
%WINDIR%\TEMP\NYAF993.TMP
%WINDIR%\TEMP\ZYAF4FE.TMP

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NATIONALUFO\IMAGEPATH: "%SYSDIR%\KKWGKS.EXE"
HKLM\System\CurrentControlSet\services\Nationalufo\DisplayName: "Nationallcg Instruments Domain Service"

Detected by UnHackMe: 338720D011797452F7D8E138D2879603.EXE
Default location: %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\338720D011797452F7D8E138D2879603.EXE
Dropper hash (md5): 338720d011797452f7d8e138d2879603

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…

not-a-virus:WebToolbar.Win32.Asparnet.gen

Malware Analysis of not-a-virus:WebToolbar.Win32.Asparnet.gen – JAVA_SP.DLL

Created files:
%LOCALLOW APPDATA%\ORACLE\JAVA\JAVA_INSTALL_FLAG
%LOCALLOW APPDATA%\ORACLE\JAVA\JRE1.8.0_91\AU.MSI
%LOCALLOW APPDATA%\ORACLE\JAVA\JRE1.8.0_91\JAVA_SP.DLL
%LOCALLOW APPDATA%\ORACLE\JAVA\JRE1.8.0_91\JRE1.8.0_91FULL.MSI
%APPDATA%\MICROSOFT\WINDOWS\RECENT\CUSTOMDESTINATIONS\D93F411851D7C929.CUSTOMDESTINATIONS-MS

Detected by UnHackMe: JAVA_SP.DLL
Default location: %LOCALLOW APPDATA%\ORACLE\JAVA\JRE1.8.0_91\JAVA_SP.DLL
Dropper hash (md5): 1a4909fe846247621b48ae9677f56bbb

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

VirusOrg.Win32.Ramnit.K

VirusOrg.Win32.Ramnit.K also known as Backdoor ( 04c4e9741 ), Trojan.Zbot.IPC, Trojan.Win32.Generic!BT.

Malware Analysis of VirusOrg.Win32.Ramnit.K – TGVBGQSRV.EXE

Created files:
%WINDIR%\TEMP\FE8.TMP
%WINDIR%\TGVBGQ.EXE
%WINDIR%\TGVBGQSRV.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\.NET CLR\IMAGEPATH: "%WINDIR%\TGVBGQ.EXE"
HKLM\System\CurrentControlSet\services\.Net CLR\DisplayName: "Microsoft .Net Framework COM+ Support"
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\USERINIT: "%SYSDIR%\USERINIT.EXE,,%PROGRAM FILES%\MICROSOFT\DESKTOPLAYER.EXE"

Detected by UnHackMe: TGVBGQSRV.EXE
Default location: %WinDir%\TGVBGQSRV.EXE
Dropper hash (md5): 23f538cd097d862bbf2d9f8e25d0cb7b

UnHackMe removes malware invisible for your antivirus!…

Virus ( f10001f11 )

Virus ( f10001f11 ) also known as .

Malware Analysis of Virus ( f10001f11 ) – VMSAFEPSTRJSCB.EXE

Created files:
%TEMP%\EFQKUKZIDIOMTVTE.TMP
%TEMP%\EOFWXGKGHKZBGHZK\{4C14CED2-2F47-4862-A688-4D0739FDD19A}.TMP
%TEMP%\FMWYQRVCNBRKOSXL\VMSAFEPSTRJSCB.EXE
%TEMP%\GOOYVVMZGDZHTDTK.TMP
%TEMP%\IJDDVTBHXQIOSTVU.TMP

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE\SHELL\OPEN\COMMAND\: ""%PROGRAM FILES%\IQIYI VIDEO\GEEPLAYER\2.3.28.2726\GEEPLAYER.EXE" "%1""
HKLM\Software\Classes\Applications\GeePlayer.exe\shell\open\: "?? ???????? ??"
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.asf: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.dvr-ms: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.wm: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.wma: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.wmp: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.wmv: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.ra: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.ram: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.rm: ""
HKLM\Software\Classes\Applications\GeePlayer.exe\SupportedTypes\.rmvb:…

virus.win32.chir.b@mm

virus.win32.chir.b@mm also known as a variant of Win32/DllInject.DN potentially unsafe, Trojan.Invader, Trojan.InvaderCRTD.Win32.614.

Malware Analysis of virus.win32.chir.b@mm – HMCLOCKDATE32.EXE

Created files:
%Program Files%\Google\Chrome\Temp\source824_6768\chrome_patch.diff
%Program Files%\hmrl\HmClockDate32.dll
%Program Files%\hmrl\HmClockDate32.exe
%Program Files%\hmrl\HmClockDate64.dll
%Program Files%\hmrl\HmClockDate64.exe

Detected by UnHackMe: HMCLOCKDATE32.EXE
Default location: %PROGRAM FILES%\HMRL\HMCLOCKDATE32.EXE
Dropper hash (md5): 2387846651285a14b4e81298fbf459ef

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

virus.win32.ramnit.a!remnants

virus.win32.ramnit.a!remnants also known as PUP/Win32.MultiPlug.C883890, Gen:Variant.Hibye.1, PUP.Optional.MultiPlug.

Malware Analysis of virus.win32.ramnit.a!remnants – 0CF0A53EE2DAF115B8C6CAF4D35BD166.EXE

Created files:
%Program Files%\Google\Chrome\Application\53.0.2785.143\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll
%COMMON APPDATA%\{93B72334-E996-706B-93B7-72334E998CD3}\0CF0A53EE2DAF115B8C6CAF4D35BD166.DAT
%COMMON APPDATA%\{93B72334-E996-706B-93B7-72334E998CD3}\0CF0A53EE2DAF115B8C6CAF4D35BD166.EXE
%SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B]
%WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB

Autostart registry keys:
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: ""%Program Files%\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: ""%Program Files%\Google\Chrome\Application\53.0.2785.143\Installer\setup.exe" --uninstall --multi-install --chrome --system-level"

Detected by UnHackMe: 0CF0A53EE2DAF115B8C6CAF4D35BD166.EXE
Default location: %COMMON…

virus.win32.slugin.a

virus.win32.slugin.a also known as PUA.OutBrowse!, W32/Outbrowse.D.gen!Eldorado, Trojan.Adware.Mikey.D2EA6.

Malware Analysis of virus.win32.slugin.a – EBHCABFBDFCBC.EXE

Created files:
%WINDIR%\TEMP\CR_F4E8F.TMP\SETUP_PATCH.PACKED.7Z
%TEMP%\1429272135.EBHCABFBDFCBC
%TEMP%\EBHCABFBDFCBC.EXE
%TEMP%\EBHCABFBDFCBC.ZIP
%TEMP%\NSSDE4B.TMP\CQFZZ.DLL

Detected by UnHackMe: EBHCABFBDFCBC.EXE
Default location: %TEMP%\EBHCABFBDFCBC.EXE
Dropper hash (md5): 0c2bfe2e6659aab8a09b65350a9239da

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

virus.win32.chir.b@mm

virus.win32.chir.b@mm also known as TROJ_GEN.R023C0EHI16, PUA.OutBrowse, Adware.W32.Outbrowse!c.

Malware Analysis of virus.win32.chir.b@mm – DCFCABFCDBI.EXE

Created files:
%TEMP%\WER8B80.TMP.MDMP
%TEMP%\WER9F4.TMP.WERINTERNALMETADATA.XML
%TEMP%\DCFCABFCDBI.EXE
%TEMP%\DCFCABFCDBI.ZIP
%TEMP%\JJ9.DCFCABFCDBI

Detected by UnHackMe: DCFCABFCDBI.EXE
Default location: %TEMP%\DCFCABFCDBI.EXE
Dropper hash (md5): 0d287b1b78a49085b21280f938044f79

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

virus.win32.huhk.7005

virus.win32.huhk.7005 also known as Win.Trojan.Tepfer-61, PWS:Win32/Zbot!GO, Win32.Trojan.Kryptik.du.

Malware Analysis of virus.win32.huhk.7005 – OMBAUM.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\LOCAL FOLDERS\SENT ITEMS\WINMAIL.FOL
%LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\MICROSOFT COMMUNITIES\ACCOUNT{590D00F5-2783-4D8E-972C-BC334CDE86FF}.OEACCOUNT
%APPDATA%\FAAT\OMBAUM.EXE
%WINDIR%\TEMP\1E0D.TMP
%WINDIR%\TEMP\1E3D.TMP

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OMBAUM: "%APPDATA%\FAAT\OMBAUM.EXE"

Detected by UnHackMe: OMBAUM.EXE
Default location: %APPDATA%\FAAT\OMBAUM.EXE
Dropper hash (md5): 1b0eb6a955338f5f27049376139cb7ad

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus…

Virus.W32.Dh!c

Virus.W32.Dh!c also known as Win32/DH.FF840097{Mw}, Mal/Generic-S, Backdoor/W32.Agent.921600.AE.

Malware Analysis of Virus.W32.Dh!c – MSOIA.EXE

Created files:
%Program Files%\Google\Chrome\Temp\source812_30229\chrome_patch.diff
%LOCAL APPDATA%\MICROSOFT\INTERNET EXPLORER\IECOMPATDATA\IELOWUTIL.EXE
%LOCAL APPDATA%\MICROSOFT\OFFICE\15.0\MSOIA.EXE
%TEMP%\036BAE8DD72BD70761960A90EA631FF1.EXE
%WINDIR%\TEMP\55FD.TMP

Detected by UnHackMe: MSOIA.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\OFFICE\15.0\MSOIA.EXE
Dropper hash (md5): 036bae8dd72bd70761960a90ea631ff1

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

virus.win32.sality.at

virus.win32.sality.at also known as Downloader.NSIS.a, OutBrowse (fs).

Malware Analysis of virus.win32.sality.at – BUTTERFLYSCR.EXE

Created files:
%TEMP%\{5BF0A9F9-D95F-40EF-9C54-A24BA026F53A}\SETUP.INI
%TEMP%\{5BF0A9F9-D95F-40EF-9C54-A24BA026F53A}\_SETUP.DLL
%WINDIR%\BUTTERFLYSCR.EXE
%WINDIR%\SPRING\1.JPG
%WINDIR%\SPRING\10.JPG

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\UninstallString: ""%Program Files%\InstallShield Installation Information\{521ED2FA-5A27-242A-A349-901E43D6CC31}\setup.exe" -runfromtemp -l0x0009 -removeonly"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\DisplayName: "Free Spring Screensaver"

Detected by UnHackMe: BUTTERFLYSCR.EXE
Default location: %WinDir%\BUTTERFLYSCR.EXE
Dropper hash (md5): 596c2ef53d812d94bbdda2661a944651

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

virus.win32.sality.am

virus.win32.sality.am also known as BrowserModifier:Win32/Diplugem, Gen:Variant.Adware.MultiPlug.18, PUP/Win32.MultiPlug.R160584.

Malware Analysis of virus.win32.sality.am – E7C015DA1749F582E1FC7CE97CB674FA.EXE

Created files:
%Program Files%\Google\Chrome\Temp\source2548_10748\chrome_patch.diff
%COMMON APPDATA%\{5E571975-9749-3DE4-5E57-7197597465D6}\E7C015DA1749F582E1FC7CE97CB674FA.DAT
%COMMON APPDATA%\{5E571975-9749-3DE4-5E57-7197597465D6}\E7C015DA1749F582E1FC7CE97CB674FA.EXE
%SYSDIR%\TASKS\SMOOTHTRAVELS
%WINDIR%\TASKS\SMOOTHTRAVELS.JOB

Detected by UnHackMe: E7C015DA1749F582E1FC7CE97CB674FA.EXE
Default location: %COMMON APPDATA%\{5E571975-9749-3DE4-5E57-7197597465D6}\E7C015DA1749F582E1FC7CE97CB674FA.EXE
Dropper hash (md5): e7c015da1749f582e1fc7ce97cb674fa

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

virus.win32.grenam.b

virus.win32.grenam.b also known as Trojan.Agent/Generic, PUP.Adware.Outbrowse, Pua.Outbrowse.Gen!c.

Malware Analysis of virus.win32.grenam.b – BACGCABEBBBAI.EXE

Created files:
%TEMP%\WER4F0C.TMP.APPCOMPAT.TXT
%TEMP%\WER6228.TMP.MDMP
%TEMP%\BACGCABEBBBAI.EXE
%TEMP%\NSGD9C7.TMP\DD.DLL
%TEMP%\NSGD9C7.TMP\NSISUNZ.DLL

Detected by UnHackMe: BACGCABEBBBAI.EXE
Default location: %TEMP%\BACGCABEBBBAI.EXE
Dropper hash (md5): d4d5487154c5d090cf4537b4fc401ad2

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Win32/Virus.fe8

Win32/Virus.fe8 also known as TROJ_GEN.R0F0C0EHM16, Adware.Generic.1523053.

Malware Analysis of Win32/Virus.fe8 – WINREPAIRPRO.EXE

Created files:
%Program Files%\WinRepair Pro\unins000.dat
%Program Files%\WinRepair Pro\unins000.exe
%Program Files%\WinRepair Pro\WinRepairPro.exe
%Program Files%\WinRepair Pro\WRPUns.exe
%Program Files%\WinRepair Pro\xmllite.dll

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRepair Pro_is1\DisplayName: "WinRepair Pro"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRepair Pro_is1\UninstallString: ""%Program Files%\WinRepair Pro\unins000.exe" /silent"
HKLM\SOFTWARE\CLASSES\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
HKLM\SOFTWARE\CLASSES\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
HKLM\SOFTWARE\CLASSES\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"
HKLM\SOFTWARE\CLASSES\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\INPROCSERVER32\: "%SYSDIR%\JSCRIPT.DLL"

Detected by UnHackMe: WINREPAIRPRO.EXE
Default…

not-a-virus:RiskTool.FlyStudio

not-a-virus:RiskTool.FlyStudio also known as Gen:Variant.Strictor.105176, Gen:Variant.Strictor.105176, Win32/Oflwr.A!crypt.

Malware Analysis of not-a-virus:RiskTool.FlyStudio – TSIE.EXE

Created files:
%WINDIR%\SPLWO32.EXE
%WINDIR%\TS.DAT
%WINDIR%\TSIE.EXE
%SYSTEMDRIVE%\EYOOADCOFIG.INI

Detected by UnHackMe: TSIE.EXE
Default location: %WinDir%\TSIE.EXE
Dropper hash (md5): a91454719cc396883651b566c105cf4b

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

virus.win32.ursnif.d

virus.win32.ursnif.d also known as W32/S-a83daaf9!Eldorado, MultiPlug, MultiPlug (v).

Malware Analysis of virus.win32.ursnif.d – E39838EFA04E36BD4765F6457C8AF5EC.EXE

Created files:
%COMMON APPDATA%\{AE9A8350-D663-BC6D-AE9A-A8350D660D43}\E19F770B725A8540
%COMMON APPDATA%\{AE9A8350-D663-BC6D-AE9A-A8350D660D43}\E39838EFA04E36BD4765F6457C8AF5EC.DAT
%COMMON APPDATA%\{AE9A8350-D663-BC6D-AE9A-A8350D660D43}\E39838EFA04E36BD4765F6457C8AF5EC.EXE
%SYSDIR%\TASKS\MATCHUP
%WINDIR%\TASKS\MATCHUP.JOB

Detected by UnHackMe: E39838EFA04E36BD4765F6457C8AF5EC.EXE
Default location: %COMMON APPDATA%\{AE9A8350-D663-BC6D-AE9A-A8350D660D43}\E39838EFA04E36BD4765F6457C8AF5EC.EXE
Dropper hash (md5): e39838efa04e36bd4765f6457c8af5ec

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

virus.win32.gael.c

virus.win32.gael.c also known as Artemis!477ADF6C4B02, Generic.853, PUP/Win32.OutBrowse.R124846.

Malware Analysis of virus.win32.gael.c – RIW.EXE

Created files:
%TEMP%\NSF316C.TMP\CVF.DLL
%TEMP%\NSF316C.TMP\NSISUNZ.DLL
%TEMP%\RIW.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LOCALSERVER32\: ""%TEMP%\RIW.EXE""

Detected by UnHackMe: RIW.EXE
Default location: %TEMP%\RIW.EXE
Dropper hash (md5): ea7ebc4339adebb7b6f4af848f091756

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Virus.Gen|2|103!c

Virus.Gen|2|103!c also known as Application.Generic.1604997, PUP-XAC-YE, Trojan.Crossrider1.53683.

Malware Analysis of Virus.Gen|2|103!c – VVOEF80.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016092220160923\CONTAINER.DAT
%TEMP%\VVOEF80.EXE
%TEMP%\VVOEF80.TMP

Detected by UnHackMe: VVOEF80.EXE
Default location: %TEMP%\VVOEF80.EXE
Dropper hash (md5): 81338123e01db95a7097c60f1ae94411

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Virus.Ac1.Gen!c

Virus.Ac1.Gen!c also known as Generic.AC1.

Malware Analysis of Virus.Ac1.Gen!c – OLD_CHEDOT.EXE

Created files:
%LOCAL APPDATA%\CHEDOT\APPLICATION\SETUPMETRICS.PMA
%LOCAL APPDATA%\CHEDOT\APPLICATION\UPDATE RUN
%LOCAL APPDATA%\CHEDOT\TEMP\SCOPED_DIR_724_24340\OLD_CHEDOT.EXE
%LOCAL APPDATA%\CHEDOT\USER DATA\CRASHPAD\METADATA
%LOCAL APPDATA%\CHEDOT\USER DATA\CRASHPAD\SETTINGS.DAT

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CHEDOTHTML.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" -- "%1""
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE""
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CHEDOT: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chedot\DisplayName: "Chedot"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHEDOT\UNINSTALLSTRING: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\INSTALLER\SETUP.EXE" --UNINSTALL"
HKCU\SOFTWARE\CHEDOT\UPDATE\CLIENTSTATE\{34C02268-5705-4894-941D-FEEB3D2308A9}\UNINSTALLSTRING: "%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\INSTALLER\SETUP.EXE"

Detected by UnHackMe: OLD_CHEDOT.EXE
Default location:…

Win32/Virus.9b7

Win32/Virus.9b7 also known as Win32:OutBrowse-JP [PUP], Downloader.FUG, PUA.OutBrowse.

Malware Analysis of Win32/Virus.9b7 – SIHEW.DLL

Created files:
%TEMP%\ECBCABFBDFBGJ.ZIP
%TEMP%\NSMD041.TMP\NSISUNZ.DLL
%TEMP%\NSMD041.TMP\SIHEW.DLL
%TEMP%\WER3AD4.TMP.APPCOMPAT.TXT
%TEMP%\WER491D.TMP.MDMP

Detected by UnHackMe: SIHEW.DLL
Default location: %TEMP%\NSMD041.TMP\SIHEW.DLL
Dropper hash (md5): cf9e2d5a0829360be02685a286fb7b2a

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

virus.win32.virut.bn

virus.win32.virut.bn also known as Win.Adware.Agent-1321679, Adware.Installerex.A8, PUA.Multiplug.

Malware Analysis of virus.win32.virut.bn – A4825898EF377A408EF41792B6687161.EXE

Created files:
%COMMON APPDATA%\{28D1C18F-1855-5E1E-28D1-1C18F185063C}\38F907D13E9731D
%COMMON APPDATA%\{28D1C18F-1855-5E1E-28D1-1C18F185063C}\A4825898EF377A408EF41792B6687161.DAT
%COMMON APPDATA%\{28D1C18F-1855-5E1E-28D1-1C18F185063C}\A4825898EF377A408EF41792B6687161.EXE
%COMMON APPDATA%\{28D1C18F-1855-5E1E-28D1-1C18F185063C}\CE723628343D94C9
%SYSDIR%\TASKS\EASYCROP

Detected by UnHackMe: A4825898EF377A408EF41792B6687161.EXE
Default location: %COMMON APPDATA%\{28D1C18F-1855-5E1E-28D1-1C18F185063C}\A4825898EF377A408EF41792B6687161.EXE
Dropper hash (md5): a4825898ef377a408ef41792b6687161

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

not-a-virus:Monitor.Win32

not-a-virus:Monitor.Win32 also known as Spyware.PowerSpy, Gen:Trojan.Heur.cm0@s1Qz8Geiy, Gen:Trojan.Heur.cm0@s1Qz8Geiy.

Malware Analysis of not-a-virus:Monitor.Win32 – WPSPROC.EXE

Created files:
%SYSDIR%\TABCTL32.OCX
%SYSDIR%\VIC32.DLL
%SYSDIR%\WPSPROC.EXE

Detected by UnHackMe: WPSPROC.EXE
Default location: %SYSDIR%\WPSPROC.EXE
Dropper hash (md5): a41c7ddd969d48fe24537cd0a5b2f790

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

not-a-virus:Monitor.Win32.PowerSpy

not-a-virus:Monitor.Win32.PowerSpy also known as Heur.Win32.VB.Gen, Trojan.Heur.EAEEC2, (Suspicious) – DNAScan.

Malware Analysis of not-a-virus:Monitor.Win32.PowerSpy – MWSVCPS.EXE

Created files:
%SYSDIR%\MSCOMCT2.OCX
%SYSDIR%\MSCOMCTL.OCX
%SYSDIR%\MWSVCPS.EXE
%SYSDIR%\P20.DAT
%SYSDIR%\P21.DAT

Detected by UnHackMe: MWSVCPS.EXE
Default location: %SYSDIR%\MWSVCPS.EXE
Dropper hash (md5): a41c7ddd969d48fe24537cd0a5b2f790

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

RiskWare[Monitor:not-a-virus]/Win32.PCSpy

RiskWare[Monitor:not-a-virus]/Win32.PCSpy also known as Power Spy (fs), Riskware.Win32.PCSpy.edypqq, Power Spy (fs).

Malware Analysis of RiskWare[Monitor:not-a-virus]/Win32.PCSpy – WINPS.EXE

Created files:
%Program Files%\Power Spy\unins000.dat
%Program Files%\Power Spy\unins000.exe
%Program Files%\Power Spy\winps.exe
%TEMP%\STPE1D4.TMP
%TEMP%\STPE1D4_TMP.EXE

Detected by UnHackMe: WINPS.EXE
Default location: %PROGRAM FILES%\POWER SPY\WINPS.EXE
Dropper hash (md5): a41c7ddd969d48fe24537cd0a5b2f790

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus…

not-a-virus:Monitor.Win32.PCSpy.uu

not-a-virus:Monitor.Win32.PCSpy.uu also known as RiskWare[Monitor:not-a-virus]/Win32.PCSpy, HEUR/QVM03.0.0000.Malware.Gen, Riskware.Monitor!.

Malware Analysis of not-a-virus:Monitor.Win32.PCSpy.uu – WINPS.EXE

Created files:
%Program Files%\Power Spy\unins000.dat
%Program Files%\Power Spy\unins000.exe
%Program Files%\Power Spy\winps.exe
%TEMP%\STPE1D4.TMP
%TEMP%\STPE1D4_TMP.EXE

Detected by UnHackMe: WINPS.EXE
Default location: %PROGRAM FILES%\POWER SPY\WINPS.EXE
Dropper hash (md5): a41c7ddd969d48fe24537cd0a5b2f790

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…
