a variant of Win32/ELEX.Y potentially unwanted


a variant of Win32/ELEX.Y potentially unwanted is also known as Gen:Variant.Application.Graftor.184919, Trojan.Win32.Generic!BT, and PUA_ProtManager.

Malware Analysis of a variant of Win32/ELEX.Y potentially unwanted – WPM_V20.0.0.2227.EXE

Created files:

%Temp%\tmp-RunningMan\tmp\ClearnC.exe
%Temp%\tmp-RunningMan\tmp\RegWrite.exe
%Temp%\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe
%Temp%\tmp-RunningMan\tmp\XTab_Setup2253.exe
%Temp%\tmp-RunningMan\uninstallDlg2.xml

Autostart registry keys:

HKLM\Software\Classes\Applications\MixVideoPlayer.exe\shell\Play\command\: ""%Program Files%\MixVideoPlayer\MixVideoPlayer.exe" /m "%1""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mp3: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.aac: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.wav: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.aif: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.wma: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mp4: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.avi: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mpg: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mpeg: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.3gp: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mov: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.wmv: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.divx: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.mkv: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\SupportedTypes\.flv: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\: ""
HKLM\Software\Classes\Applications\MixVideoPlayer.exe\FriendlyAppName: "MixVideoPlayer"
HKLM\Software\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32\: "%Program Files%\XTab\SupTab.dll"
HKLM\Software\Classes\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}\InprocServer32\: "%Program Files%\WebProtector\WebProtector.dll"
HKLM\Software\Classes\driverscanner\shell\open\command\: ""%Program Files%\Uniblue\DriverScanner\driverscanner.exe" --serial="%1""
HKLM\Software\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko\update_url: "http://clients2.google.com/service/update2/crx"
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: "istartsurf"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gmsd_ru_229: ""%Program Files%\gmsd_ru_229\gmsd_ru_229.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upgmsd_ru_229.exe: "%Local Appdata%\gmsd_ru_229\upgmsd_ru_229.exe -runhelper"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Web Protector Plus Agent: ""%Program Files%\WebProtectorPlus\WebProtectorPlus.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_ru_229_is1\DisplayName: "GamesDesktop 033.229"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_ru_229_is1\UninstallString: ""%Program Files%\gmsd_ru_229\unins000.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall\DisplayName: "istartsurf uninstall"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall\UninstallString: "%Appdata%\istartsurf\UninstallManager.exe -ptid=tugs"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdateWPP\DisplayName: "LiveUpdateWPP"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdateWPP\UninstallString: ""%Program Files%\LiveUpdateWPP\LiveUpdateWPP_uninstaller.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerVid2.4\DisplayName: "MediaPlayerVid2.4"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerVid2.4\UninstallString: "%Program Files%\MediaPlayerVid2.4\Uninstall.exe /fcp=1 "
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer\DisplayName: "MixVideoPlayer"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer\UninstallString: "%Program Files%\MixVideoPlayer\uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre\DisplayName: "MyPC Backup "
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre\UninstallString: "%Program Files%\OLBPre\uninst.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1\DisplayName: "Super Optimizer v3.2"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1\UninstallString: ""%Program Files%\Super Optimizer\unins000.exe" /VERYSILENT"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebProtector\DisplayName: "Web Protector IE"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebProtector\UninstallString: "%Program Files%\WebProtector\webprotector_uninstaller.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebProtectorPlus\DisplayName: "Web Protector Plus (uninstall only)"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebProtectorPlus\UninstallString: ""%Program Files%\WebProtectorPlus\uninstall.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1\DisplayName: "DriverScanner"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1\UninstallString: ""%Program Files%\Uniblue\DriverScanner\unins000.exe""
HKLM\System\CurrentControlSet\Services\22134214\ImagePath: ""%SysDir%\rundll32.exe" "c:\Program Files\Super Optimizer\SupOptStats.dll",ENT"
HKLM\System\CurrentControlSet\Services\22134214\DisplayName: "SuperOptimizer Stats"
HKLM\System\CurrentControlSet\Services\IHProtect Service\ImagePath: "%Program Files%\XTab\ProtectService.exe"
HKLM\System\CurrentControlSet\Services\IHProtect Service\DisplayName: "IHProtect Service"
HKLM\System\CurrentControlSet\Services\LiveUpdateWPP Manager\ImagePath: "%Program Files%\LiveUpdateWPP\LiveUpdateWPP.exe"
HKLM\System\CurrentControlSet\Services\LiveUpdateWPP Manager\DisplayName: "LiveUpdateWPP Manager"
HKLM\System\CurrentControlSet\Services\MixVideoPlayerUpdaterService\ImagePath: ""%Program Files%\MixVideoPlayer\MixVideoPlayerUpdaterService.exe""
HKLM\System\CurrentControlSet\Services\MixVideoPlayerUpdaterService\DisplayName: "MixVideoPlayer Updater Service"
HKCU\Software\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko\update_url: "http://clients2.google.com/service/update2/crx"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\DisplayName: "e"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: "istartsurf"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\DisplayName: "Google"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Super Optimizer: "%Program Files%\Super Optimizer\SupOptLauncher.exe"
HKCU\Software\Super Optimizer\DisplayName: "Super Optimizer"
HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" http://www.istartsurf.com/?type=sc&ts=1430548529&from=tugs&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: ""%Program Files%\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1430548529&from=tugs&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: "%Program Files%\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1430548529&from=tugs&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: ""%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe" http://www.istartsurf.com/?type=sc&ts=1430548529&from=tugs&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName: "Bing"

Detected by UnHackMe:

WPM_V20.0.0.2227.EXE
Default location: %TEMP%\TMP-RUNNINGMAN\TMP\WPM_V20.0.0.2227.EXE

Dropper hash(md5): ad76a0da89eb14e23e974cf0ed10c83a

Written by Malware Hunter.
