Category Archives: Virus

virus.win32.sality.am

virus.win32.sality.am also known as W32/S-d53108b6!Eldorado, Gen:Variant.Adware.MultiPlug, MultiPlug (PUA).

Malware Analysis of virus.win32.sality.am – 86AEDD5ABC380CA10C3D1F9E21F5AC08.EXE

Created files:
%COMMON APPDATA%\{59B7EBA3-BD1A-F14D-59B7-7EBA3BD1AE8E}\5B869C92DD20A1E1
%COMMON APPDATA%\{59B7EBA3-BD1A-F14D-59B7-7EBA3BD1AE8E}\86AEDD5ABC380CA10C3D1F9E21F5AC08.DAT
%COMMON APPDATA%\{59B7EBA3-BD1A-F14D-59B7-7EBA3BD1AE8E}\86AEDD5ABC380CA10C3D1F9E21F5AC08.EXE
%COMMON APPDATA%\{59B7EBA3-BD1A-F14D-59B7-7EBA3BD1AE8E}\967B3AC7FAF44635
%SYSDIR%\TASKS\EASYPARK

Detected by UnHackMe: 86AEDD5ABC380CA10C3D1F9E21F5AC08.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{59B7EBA3-BD1A-F14D-59B7-7EBA3BD1AE8E}\86AEDD5ABC380CA10C3D1F9E21F5AC08.EXE
Dropper hash(md5): 86aedd5abc380ca10c3d1f9e21f5ac08

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

virus.win32.jadtre.l

virus.win32.jadtre.l also known as not-a-virus:HEUR:AdWare.Win32.MultiPlug.heur, PUP.Optional.MultiPlug, Gen:Variant.Adware.MultiPlug.18.

Malware Analysis of virus.win32.jadtre.l – 85A41DC9F800E48D3EE6B585DA939714.EXE

Created files:
%COMMON APPDATA%\{F15E1EE7-A47A-BA5A-F15E-E1EE7A477B9E}\4B41CFE25C9B81BC
%COMMON APPDATA%\{F15E1EE7-A47A-BA5A-F15E-E1EE7A477B9E}\85A41DC9F800E48D3EE6B585DA939714.DAT
%COMMON APPDATA%\{F15E1EE7-A47A-BA5A-F15E-E1EE7A477B9E}\85A41DC9F800E48D3EE6B585DA939714.EXE
%COMMON APPDATA%\{F15E1EE7-A47A-BA5A-F15E-E1EE7A477B9E}\86BC69B77B4F6668
%SYSDIR%\TASKS\MRFIXER

Detected by UnHackMe: 85A41DC9F800E48D3EE6B585DA939714.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{F15E1EE7-A47A-BA5A-F15E-E1EE7A477B9E}\85A41DC9F800E48D3EE6B585DA939714.EXE
Dropper hash(md5): 85a41dc9f800e48d3ee6b585da939714

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

RiskTool.SiteHelp.gb (Not a Virus)

RiskTool.SiteHelp.gb (Not a Virus) also known as Trojan.Win32.Generic!BT, Mal/Generic-S, GenPack:Trojan.Agent.AVDY.

Malware Analysis of RiskTool.SiteHelp.gb (Not a Virus) – WVCE.EXE

Created files:
%WINDIR%\WNTLDR.EXE
%WINDIR%\INSTALLER\MCOS.EXE
%WINDIR%\INSTALLER\WVCE.EXE
%WINDIR%\SECURITY.EXE
%WINDIR%\SRCHASST.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wvzader: “%WinDir%\Installer\mcos.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gwqver: “%WinDir%\Installer\wvce.exe”
HKLM\System\CurrentControlSet\services\str Pqqwormance Adauuis\ImagePath: “%WinDir%\srchasst.exe”
HKLM\System\CurrentControlSet\services\str Pqqwormance Adauuis\DisplayName: “str Pqqwormance Adauuis”
HKLM\System\CurrentControlSet\services\str Pqrformance Adauuis\ImagePath: “%WinDir%\security.exe”
HKLM\System\CurrentControlSet\services\str Pqrformance Adauuis\DisplayName: “str Pqrformance Adauuis”

Detected by…

not-a-virus:RiskTool.Win32.SiteHelp.a

not-a-virus:RiskTool.Win32.SiteHelp.a also known as W32/GenPua.AFEFFCBD!Olympus, GenPack:Trojan.Agent.AVDY, GenPack:Trojan.Agent.AVDY.

Malware Analysis of not-a-virus:RiskTool.Win32.SiteHelp.a – WVCE.EXE

Created files:
%WINDIR%\WNTLDR.EXE
%WINDIR%\INSTALLER\MCOS.EXE
%WINDIR%\INSTALLER\WVCE.EXE
%WINDIR%\SECURITY.EXE
%WINDIR%\SRCHASST.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wvzader: “%WinDir%\Installer\mcos.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gwqver: “%WinDir%\Installer\wvce.exe”
HKLM\System\CurrentControlSet\services\str Pqqwormance Adauuis\ImagePath: “%WinDir%\srchasst.exe”
HKLM\System\CurrentControlSet\services\str Pqqwormance Adauuis\DisplayName: “str Pqqwormance Adauuis”
HKLM\System\CurrentControlSet\services\str Pqrformance Adauuis\ImagePath: “%WinDir%\security.exe”
HKLM\System\CurrentControlSet\services\str Pqrformance Adauuis\DisplayName: “str Pqrformance Adauuis”

Detected by UnHackMe: WVCE.EXE
Default location: %WinDir%\INSTALLER\WVCE.EXE
Dropper…

virus.win32.icogon.a

virus.win32.icogon.a also known as Win32:Malware-gen, Trojan.Win32.Injector, Trojan:Win32/Dynamer!ac.

Malware Analysis of virus.win32.icogon.a – OPENCANDY.DLL

Created files:
%APPDATA%\FOOTNOTE.NUMBER.FORMAT.XML
%APPDATA%\GOURL_LR_PHOTOSHOP_DK.CSV
%APPDATA%\OPENCANDY.DLL
%APPDATA%\WEARABSORBATE.D

Detected by UnHackMe: OPENCANDY.DLL
DEFAULT LOCATION: %APPDATA%\OPENCANDY.DLL
Dropper hash(md5): 66df740a6f338f0e103d815964222bbb

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Win32/Virus.WebToolbar.5bb

Win32/Virus.WebToolbar.5bb also known as Win32.Adware.Mindspark.E, PUP.WebToolbar.MyWebSearch.

Malware Analysis of Win32/Virus.WebToolbar.5bb – TOOLTABEXTENSION.DLL

Created files:
%Program Files%\PremierDownloadManager\RegAsm.exe
%Program Files%\PremierDownloadManager\t8MedInt.exe
%Program Files%\PremierDownloadManager\TooltabExtension.dll
%Program Files%\PremierDownloadManager\TooltabExtension.ini
%Program Files%\PremierDownloadManager\Uninstall\IRIMG1.PNG

Autostart registry keys:
HKLM\Software\Classes\CLSID\{819D045F-E9A2-39E0-B495-D615AD1A9471}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{87D1BD5F-0174-4AB2-FFC4-9E3A451F17EB}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{DA024AE8-AE02-4D90-ACCA-573716C04C39}\InprocServer32\: “%Program Files%\PremierDownloadManager\TooltabExtension.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\DisplayName: “Premier Download Manager”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\UninstallString: “”%Program Files%\PremierDownloadManager\\UninstallSF.exe” “/U:%Program Files%\PremierDownloadManager\Uninstall\uninstall.xml””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\DisplayName: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\UninstallString: “%Program Files%\PremierDownloadManager\uninstall.exe”

Detected…

not-a-virus:HEUR:WebToolbar.Win32.Agent.gen

not-a-virus:HEUR:WebToolbar.Win32.Agent.gen also known as HEUR/QVM20.1.Malware.Gen, PUP.WebToolbar.MyWebSearch, Adware.MyWebSearch.120.

Malware Analysis of not-a-virus:HEUR:WebToolbar.Win32.Agent.gen – T8MEDINT.EXE

Created files:
%Program Files%\PremierDownloadManager\pdmanager_ie.tlb
%Program Files%\PremierDownloadManager\RegAsm.exe
%Program Files%\PremierDownloadManager\t8MedInt.exe
%Program Files%\PremierDownloadManager\TooltabExtension.dll
%Program Files%\PremierDownloadManager\TooltabExtension.ini

Autostart registry keys:
HKLM\Software\Classes\CLSID\{819D045F-E9A2-39E0-B495-D615AD1A9471}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{87D1BD5F-0174-4AB2-FFC4-9E3A451F17EB}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{DA024AE8-AE02-4D90-ACCA-573716C04C39}\InprocServer32\: “%Program Files%\PremierDownloadManager\TooltabExtension.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\DisplayName: “Premier Download Manager”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\UninstallString: “”%Program Files%\PremierDownloadManager\\UninstallSF.exe” “/U:%Program Files%\PremierDownloadManager\Uninstall\uninstall.xml””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\DisplayName: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\UninstallString: “%Program Files%\PremierDownloadManager\uninstall.exe”…

RiskWare[WebToolbar:not-a-virus,HEUR]/Win32.Agent

RiskWare[WebToolbar:not-a-virus,HEUR]/Win32.Agent also known as not-a-virus:HEUR:WebToolbar.Win32.Agent.gen, BehavesLike.Win32.BadFile.ch, Webtoolbar.W32.Agent!c.

Malware Analysis of RiskWare[WebToolbar:not-a-virus,HEUR]/Win32.Agent – TOOLTABEXTENSION.DLL

Created files:
%Program Files%\PremierDownloadManager\RegAsm.exe
%Program Files%\PremierDownloadManager\t8MedInt.exe
%Program Files%\PremierDownloadManager\TooltabExtension.dll
%Program Files%\PremierDownloadManager\TooltabExtension.ini
%Program Files%\PremierDownloadManager\Uninstall\IRIMG1.PNG

Autostart registry keys:
HKLM\Software\Classes\CLSID\{819D045F-E9A2-39E0-B495-D615AD1A9471}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{87D1BD5F-0174-4AB2-FFC4-9E3A451F17EB}\InprocServer32\: “mscoree.dll”
HKLM\Software\Classes\CLSID\{DA024AE8-AE02-4D90-ACCA-573716C04C39}\InprocServer32\: “%Program Files%\PremierDownloadManager\TooltabExtension.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\DisplayName: “Premier Download Manager”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark PremierDownloadManager\UninstallString: “”%Program Files%\PremierDownloadManager\\UninstallSF.exe” “/U:%Program Files%\PremierDownloadManager\Uninstall\uninstall.xml””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\DisplayName: “”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Premier Download Manager\UninstallString: “%Program Files%\PremierDownloadManager\uninstall.exe”…

virus.win32.sality.at

virus.win32.sality.at also known as Adware.Mutabaha.1089, PUP.MPC/Variant, Artemis!CEBB1F7E5451.

Malware Analysis of virus.win32.sality.at – MPCDOWNLOAD.EXE

Created files:
%TEMP%\MPCONLINE\MICROSOFT.VC90.CRT\MSVCP90.DLL
%TEMP%\MPCONLINE\MICROSOFT.VC90.CRT\MSVCR90.DLL
%TEMP%\MPCONLINE\MPCDOWNLOAD.EXE
%TEMP%\MPCONLINE\MPCSETUP_4.3.TORRENT
%TEMP%\MPCONLINE\P2PCONFIG.INI

Detected by UnHackMe: MPCDOWNLOAD.EXE
DEFAULT LOCATION: %TEMP%\MPCONLINE\MPCDOWNLOAD.EXE
Dropper hash(md5): 9d8d4b97acced40cdb11d6cbb9320f07

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

virus.win32.virut.bn

virus.win32.virut.bn also known as Trojan.Adware.MultiPlug.18, BehavesLike.Win32.MultiPlug.fh.

Malware Analysis of virus.win32.virut.bn – 0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE

Created files:
%COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.DAT
%COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0CCCC242-E077-4D96-9733-FD8A0120E6CA
%SYSDIR%\TASKS\MILECALC
%WINDIR%\TASKS\MILECALC.JOB

Detected by UnHackMe: 0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{04258CF4-140A-ADBF-0425-58CF414033D0}\0CAA5A0BBADFFDCADAD1C95A73FDDCFF.EXE
Dropper hash(md5): 0caa5a0bbadffdcadad1c95a73fddcff

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

W32.eHeur.DTVirus

W32.eHeur.DTVirus also known as Trojan ( 0040f5041 ), Trojan/Win32.Tepfer.N919484874, BehavesLike.Win32.PWSZbot.fc.

Malware Analysis of W32.eHeur.DTVirus – BOBUS.EXE

Created files:
%TEMP%\PPCRLUI_3244_2
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\C9AC1FB9-D5F6-4651-BB64-C422F4E29FCA
%APPDATA%\IJRI\BOBUS.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BOBUS: “%APPDATA%\IJRI\BOBUS.EXE”

Detected by UnHackMe: BOBUS.EXE
DEFAULT LOCATION: %APPDATA%\IJRI\BOBUS.EXE
Dropper hash(md5): 022dfefb877ab14a37782d49ab01299b

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

not-a-virus:HEUR:Monitor.Win32.Ardamax.gen

not-a-virus:HEUR:Monitor.Win32.Ardamax.gen also known as Monitoringtool.Arda.21623, a variant of Win32/KeyLogger.Ardamax.NBP, BehavesLike.Win32.PUP.vc.

Malware Analysis of not-a-virus:HEUR:Monitor.Win32.Ardamax.gen – DTL.EXE

Created files:
%COMMON APPDATA%\GTYFFP\DTL.01
%COMMON APPDATA%\GTYFFP\DTL.02
%COMMON APPDATA%\GTYFFP\DTL.EXE
%SYSTEMDRIVE%\SAND-BOX\FOLDER.JPG
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016082820160829\CONTAINER.DAT

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DTL START: “%COMMON APPDATA%\GTYFFP\DTL.EXE”

Detected by UnHackMe: DTL.EXE
DEFAULT LOCATION: %COMMON APPDATA%\GTYFFP\DTL.EXE
Dropper hash(md5): f41ed991a51182e82fc811201c42deee

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

virus.win32.ramnit.i!remnants

virus.win32.ramnit.i!remnants also known as Gen:Variant.Buzy.248 (B), TR/ATRAPS.Gen.

Malware Analysis of virus.win32.ramnit.i!remnants – FPNTNI.DLL

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\3B0670BC-12EB-4727-88F4-1A4A37855BBE
%SYSTEMDRIVE%\RECYCLER\ITSS.EXE
%Program Files Common%\fpntni.dll
%Program Files Common%\TabIt.exe
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK

Detected by UnHackMe: FPNTNI.DLL
Default location: %PROGRAM FILES COMMON%\FPNTNI.DLL
Dropper hash(md5): 0105334ddb81846da2a15ec96a25b4d5

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Win32/Virus.Monitor.e5b

Win32/Virus.Monitor.e5b also known as Monitor.W32.Ardamax!c, Riskware.Win32.Ardamax.ebobcs.

Malware Analysis of Win32/Virus.Monitor.e5b – DTL.EXE

Created files:
%COMMON APPDATA%\GTYFFP\DTL.01
%COMMON APPDATA%\GTYFFP\DTL.02
%COMMON APPDATA%\GTYFFP\DTL.EXE
%SYSTEMDRIVE%\SAND-BOX\FOLDER.JPG
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016082820160829\CONTAINER.DAT

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DTL START: “%COMMON APPDATA%\GTYFFP\DTL.EXE”

Detected by UnHackMe: DTL.EXE
DEFAULT LOCATION: %COMMON APPDATA%\GTYFFP\DTL.EXE
Dropper hash(md5): f41ed991a51182e82fc811201c42deee

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

virus.win32.virut.ab

virus.win32.virut.ab also known as Adware/DirectDownloader, Trojan.Win32.Generic!BT, Adware.Downware.580.

Malware Analysis of virus.win32.virut.ab – PREINSTALLER.EXE

Created files:
%TEMP%\DC4760A6A7003C4749DA4B3F2588B9F5\DOWNLOADERSTUB.EXE
%TEMP%\DC4760A6A7003C4749DA4B3F2588B9F5\OPENCL.DLL
%TEMP%\DC4760A6A7003C4749DA4B3F2588B9F5\PREINSTALLER.EXE
%TEMP%\DC4760A6A7003C4749DA4B3F2588B9F5\UPDATER.EXE
%TEMP%\NSAFED3.TMP\NSISDL.DLL

Detected by UnHackMe: PREINSTALLER.EXE
DEFAULT LOCATION: %TEMP%\DC4760A6A7003C4749DA4B3F2588B9F5\PREINSTALLER.EXE
Dropper hash(md5): 4a62630d5add7f6b505ea1d41f638099

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Virus.Win32.DelfInject

Virus.Win32.DelfInject also known as Trojan.GenericKD.3242527, TROJ_GEN.R023C0REI16, Trojan.GenericKD.3242527.

Malware Analysis of Virus.Win32.DelfInject – WINDIWS.EXE

Created files:
%TEMP%\WINDIWS\WINDIWS
%TEMP%\WINDIWS\WINDIWS.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\2F0FD999-E8C4-4D3E-9D5F-0B00187112C4

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”
HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{EE4F24BA-BEBB-7FB6-A16E-A5CAD2D9FCF1}\STUBPATH: “%TEMP%\WINDIWS\WINDIWS.EXE”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%TEMP%\WINDIWS\WINDIWS.EXE”

Detected by UnHackMe: WINDIWS.EXE
DEFAULT LOCATION: %TEMP%\WINDIWS\WINDIWS.EXE
Dropper hash(md5): 09f5e24e4e6791b4368018f653119211

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

not-a-virus:WebToolbar.Win32.CrossRider.apai

not-a-virus:WebToolbar.Win32.CrossRider.apai also known as SAPE.Heur.977E7, Application.Win32.CrossRider.ABK, Gen:Application.Heur.zy5@myyJNjei.

Malware Analysis of not-a-virus:WebToolbar.Win32.CrossRider.apai – SUPREME SAVINGS-BUTTONUTIL.DLL

Created files:
%Program Files%\Supreme Savings\Supreme Savings-bg.exe
%Program Files%\Supreme Savings\Supreme Savings-bho.dll
%Program Files%\Supreme Savings\Supreme Savings-buttonutil.dll
%Program Files%\Supreme Savings\Supreme Savings-buttonutil.exe
%Program Files%\Supreme Savings\Supreme Savings-codedownloader.exe

Autostart registry keys:
HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110111991162}\InprocServer32\: “%Program Files%\Supreme Savings\Supreme Savings-bho.dll”
HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220122992262}\InprocServer32\: “%Program Files%\Supreme Savings\Supreme Savings-bho.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supreme Savings\DisplayName: “Supreme Savings”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supreme Savings\UninstallString:…

not-a-virus:Monitor.Win32.ActualSpy

not-a-virus:Monitor.Win32.ActualSpy also known as Win32.Trojan.Hider.c, not-a-virus:Monitor.Win32.ActualSpy.27.

Malware Analysis of not-a-virus:Monitor.Win32.ActualSpy – BQJEJC.DLL

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\8407652C-E45A-4A42-AF80-5D6595EA9EA4
%SYSTEMDRIVE%\RECYCLER\ITSS.EXE
%Program Files Common%\bqjejc.dll
%Program Files Common%\TabIt.exe
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK

Detected by UnHackMe: BQJEJC.DLL
Default location: %PROGRAM FILES COMMON%\BQJEJC.DLL
Dropper hash(md5): 0105334ddb81846da2a15ec96a25b4d5

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

not-a-virus:HEUR:WebToolbar.Win32.CrossRider.gen

not-a-virus:HEUR:WebToolbar.Win32.CrossRider.gen also known as Riskware.Win32.Agent.doofwx, Malware.Generic!0SAk8hyKXK@5 (Thunder), Trojan.Crossrider1.27002.

Malware Analysis of not-a-virus:HEUR:WebToolbar.Win32.CrossRider.gen – SUPREME SAVINGS-BUTTONUTIL.EXE

Created files:
%Program Files%\Supreme Savings\Supreme Savings-bho.dll
%Program Files%\Supreme Savings\Supreme Savings-buttonutil.dll
%Program Files%\Supreme Savings\Supreme Savings-buttonutil.exe
%Program Files%\Supreme Savings\Supreme Savings-codedownloader.exe
%Program Files%\Supreme Savings\Supreme Savings-firefoxinstaller.exe

Autostart registry keys:
HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110111991162}\InprocServer32\: “%Program Files%\Supreme Savings\Supreme Savings-bho.dll”
HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220122992262}\InprocServer32\: “%Program Files%\Supreme Savings\Supreme Savings-bho.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supreme Savings\DisplayName: “Supreme Savings”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supreme…

not-a-virus:Monitor.Win32.ActualSpy.27

not-a-virus:Monitor.Win32.ActualSpy.27 also known as BackDoor-CCT.dll, Trojan.PWS.Qqpass.5216, Gen:Variant.Buzy.248.

Malware Analysis of not-a-virus:Monitor.Win32.ActualSpy.27 – BQJEJC.DLL

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\8407652C-E45A-4A42-AF80-5D6595EA9EA4
%SYSTEMDRIVE%\RECYCLER\ITSS.EXE
%Program Files Common%\bqjejc.dll
%Program Files Common%\TabIt.exe
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK

Detected by UnHackMe: BQJEJC.DLL
Default location: %PROGRAM FILES COMMON%\BQJEJC.DLL
Dropper hash(md5): 0105334ddb81846da2a15ec96a25b4d5

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

GrayWare[:not-a-virus]/Win32.StartPage.gen

GrayWare[:not-a-virus]/Win32.StartPage.gen also known as Adware ( 004f59bf1 ), Artemis.

Malware Analysis of GrayWare[:not-a-virus]/Win32.StartPage.gen – ZHINENG.EXE

Created files:
%APPDATA%\2345SOFT\2345COMPUTERTOOLS\TEMPLATE\TEMPLATE.EXE
%APPDATA%\2345SOFT\2345COMPUTERTOOLS\XUNLEI\XUNLEI.PNG
%APPDATA%\2345SOFT\2345COMPUTERTOOLS\ZHINENG\ZHINENG.EXE
%APPDATA%\2345SOFT\2345COMPUTERTOOLS\ZHINENG\ZHINENG.PNG
%PROFILE%\DESKTOP\P7_K11548207_BBSEV373PYVKMGSL0JBKNV47D0HXM.EXE

Detected by UnHackMe: ZHINENG.EXE
DEFAULT LOCATION: %APPDATA%\2345SOFT\2345COMPUTERTOOLS\ZHINENG\ZHINENG.EXE
Dropper hash(md5): 17b5be2945063ac077fd64b7aa37a173

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

not-a-virus:Dialer.Win32.E-Group.1046

not-a-virus:Dialer.Win32.E-Group.1046 also known as Porndialer.Gen (fs), Application.Dialer.E.Group.A, RiskWare.Dialer.E-Group.c.

Malware Analysis of not-a-virus:Dialer.Win32.E-Group.1046 – EXEDIALER.EXE

Created files:
%START MENU%\INSTANT ACCESS.LNK
%SYSDIR%\EGDACCESS_1058.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}\INPROCSERVER32\: “%SYSDIR%\EGDACCESS_1058.DLL”

Detected by UnHackMe: EXEDIALER.EXE
Default location: %WinDir%\EXEDIALER.EXE
Dropper hash(md5): 038243a1f241e4ebcb83617f7677b709

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

RiskWare[Dialer:not-a-virus]/Win32.E-Group

RiskWare[Dialer:not-a-virus]/Win32.E-Group also known as Application.Dialer.E.Group.A, Riskware/RAS, W32/Dialer.FTZ.

Malware Analysis of RiskWare[Dialer:not-a-virus]/Win32.E-Group – EXEDIALER.EXE

Created files:
%START MENU%\INSTANT ACCESS.LNK
%SYSDIR%\EGDACCESS_1058.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}\INPROCSERVER32\: “%SYSDIR%\EGDACCESS_1058.DLL”

Detected by UnHackMe: EXEDIALER.EXE
Default location: %WinDir%\EXEDIALER.EXE
Dropper hash(md5): 038243a1f241e4ebcb83617f7677b709

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

not-a-virus:Porn-Dialer.Win32.EgroupDial

not-a-virus:Porn-Dialer.Win32.EgroupDial also known as Dialer.ANS, Trojan.Wintrim.BH, TROJ_COLLECTOR.A.

Malware Analysis of not-a-virus:Porn-Dialer.Win32.EgroupDial – EGDACCESS_1058.DLL

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\A3796A63-5D84-4C36-AD83-7A7202A6C66D
%START MENU%\INSTANT ACCESS.LNK
%SYSDIR%\EGDACCESS_1058.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}\INPROCSERVER32\: “%SYSDIR%\EGDACCESS_1058.DLL”

Detected by UnHackMe: EGDACCESS_1058.DLL
Default location: %SYSDIR%\EGDACCESS_1058.DLL
Dropper hash(md5): 038243a1f241e4ebcb83617f7677b709

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

not-a-virus:Porn-Dialer.Win32.InstantAccess

not-a-virus:Porn-Dialer.Win32.InstantAccess also known as Dialer.ANS, Trojan.Wintrim.BH, Trojan.Wintrim.BH.

Malware Analysis of not-a-virus:Porn-Dialer.Win32.InstantAccess – EGDACCESS_1058.DLL

Created files:
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\A3796A63-5D84-4C36-AD83-7A7202A6C66D
%START MENU%\INSTANT ACCESS.LNK
%SYSDIR%\EGDACCESS_1058.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}\INPROCSERVER32\: “%SYSDIR%\EGDACCESS_1058.DLL”

Detected by UnHackMe: EGDACCESS_1058.DLL
Default location: %SYSDIR%\EGDACCESS_1058.DLL
Dropper hash(md5): 038243a1f241e4ebcb83617f7677b709

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Virus.Bd5.Gen!c

Virus.Bd5.Gen!c also known as Adware ( 004d714b1 ), Artemis, a variant of MSIL/WebBar.A potentially unwanted.

Malware Analysis of Virus.Bd5.Gen!c – WINWB.EXE

Created files:
%Program Files%\WebBarMedia\5.5.5995.17222\Newtonsoft.Json.dll
%Program Files%\WebBarMedia\5.5.5995.17222\System.Threading.dll
%Program Files%\WebBarMedia\5.5.5995.17222\winwb.exe
%Program Files%\WebBarMedia\5.5.5995.17222\winwb.exe.config
%Program Files%\WebBarMedia\unins000.dat

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WebBar Toolbar: “%Program Files%\WebBarMedia\5.5.5995.17222\winwb.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1\DisplayName: “WebBar Toolbar 5.5.5995.17222”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1\UninstallString: “”%Program Files%\WebBarMedia\unins000.exe””

Detected by UnHackMe: WINWB.EXE
Default location: %PROGRAM FILES%\WEBBARMEDIA\5.5.5995.17222\WINWB.EXE…

Virus.Win32.VB.JGL

Virus.Win32.VB.JGL also known as Artemis!BA8F89CAA12A, Mal/Generic-S, W32/Backdoor2.CXBV.

Malware Analysis of Virus.Win32.VB.JGL – 066673B42E11B14BD57D5745BB220581.EXE

Created files:
%WINDIR%\066673B42E11B14BD57D5745BB220581.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TESTSERVICE2\IMAGEPATH: “%WINDIR%\066673B42E11B14BD57D5745BB220581.EXE”
HKLM\System\CurrentControlSet\services\testservice2\DisplayName: “testservice2”

Detected by UnHackMe: 066673B42E11B14BD57D5745BB220581.EXE
Default location: %WinDir%\066673B42E11B14BD57D5745BB220581.EXE
Dropper hash(md5): 066673b42e11b14bd57d5745bb220581

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

not-a-virus:Dialer.Win32.E-Group

not-a-virus:Dialer.Win32.E-Group also known as Backdoor.Poison.Win32.41410, EGroup.SexDialer, PE:Trojan.Win32.Generic.13B563FD!330654717.

Malware Analysis of not-a-virus:Dialer.Win32.E-Group – EGDIAL.DLL

Created files:
%START MENU%\VIZITUS.LNK
%SYSDIR%\EGDHTML_1020.DLL
%SYSDIR%\EGDIAL.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}\INPROCSERVER32\: “%SYSDIR%\EGDHTML_1020.DLL”
HKLM\SOFTWARE\CLASSES\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}\INPROCSERVER32\: “%SYSDIR%\EGDIAL.DLL”

Detected by UnHackMe: EGDIAL.DLL
Default location: %SYSDIR%\EGDIAL.DLL
Dropper hash(md5): 2694e7e866aad8ba9f05c3dcb1d065c7

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

not-a-virus:Dialer.Win32.E-Group.1017

not-a-virus:Dialer.Win32.E-Group.1017 also known as Win32:Dialer-gen [Dialer], Dialer.OM, Dialer.Egroup.

Malware Analysis of not-a-virus:Dialer.Win32.E-Group.1017 – EGDIAL.DLL

Created files:
%START MENU%\VIZITUS.LNK
%SYSDIR%\EGDHTML_1020.DLL
%SYSDIR%\EGDIAL.DLL
%WINDIR%\EXEDIALER.EXE

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}\INPROCSERVER32\: “%SYSDIR%\EGDHTML_1020.DLL”
HKLM\SOFTWARE\CLASSES\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}\INPROCSERVER32\: “%SYSDIR%\EGDIAL.DLL”

Detected by UnHackMe: EGDIAL.DLL
Default location: %SYSDIR%\EGDIAL.DLL
Dropper hash(md5): 2694e7e866aad8ba9f05c3dcb1d065c7

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

not-a-virus:RiskTool.Win32.HideProc.da

not-a-virus:RiskTool.Win32.HideProc.da also known as W32/HideProc.DA!tr, RiskTool.Win32.HideProc!O, W32/Trojan.NSBY-8083.

Malware Analysis of not-a-virus:RiskTool.Win32.HideProc.da – UORTTBCSPPTC.DLL

Created files:
%SYSDIR%\TTAO.ICO
%SYSDIR%\UORTTBCSPPTC\EXPLORER.EXE
%SYSDIR%\UORTTBCSPPTC\UORTTBCSPPTC.DLL
%SYSTEMDRIVE%\F10S\CTFMON.EXE
%SYSTEMDRIVE%\F10S\SVCHOST.EXE

Autostart registry keys:
HKLM\Software\Classes\CLSID\{899D1206-B170-46C9-93D1-8B79C5109280}\InProcServer32\: “%SystemRoot%\system32\shdocvw.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{899D1206-B170-46C9-93D1-8B79C5109280}\InProcServer32\: “”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\BVHRREAKFONB: “”%SYSDIR%\BVHRREAKFONB\SMSS.EXE” -L”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\UORTTBCSPPTC: “”%SYSDIR%\UORTTBCSPPTC\EXPLORER.EXE” -L”
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL: “EXPLORER.EXE %SYSTEMDRIVE%\F10S\CTFMON.EXE”

Detected by UnHackMe: UORTTBCSPPTC.DLL
Default location: %SYSDIR%\UORTTBCSPPTC\UORTTBCSPPTC.DLL
Dropper hash(md5): fd0e32f838e75933e21394d135346ca5

UnHackMe removes malware invisible for your antivirus! UnHackMe…
