Artemis!B3CE0FDFDCA9


Artemis!B3CE0FDFDCA9 is McAfee's generic (Artemis) detection name for this sample; other engines detect the same file as Trojan.Adware.Graftor.D3201B, PE:Trojan.Win32.Generic.18DBCFEB!417058795 and Gen:Variant.Adware.Graftor. The Adware.Graftor names classify it as bundled adware rather than a conventional trojan, which matches the installers and browser changes listed below.

Malware Analysis of Artemis!B3CE0FDFDCA9 – APPENDEDIT.XYZ.EXE

Created files:

%Temp%\D340\temp\7C42E0A6FE09AF9F5EDF1AF93E09DCA5.exe
%Temp%\D340\temp\AppendEdit.xyz
%Temp%\D340\temp\AppendEdit.xyz.exe
%Temp%\D340\temp\bg.ca
%Temp%\D340\temp\task(2).ini

Registry keys written. Only the c5ce621e service (rundll32.exe loading IncludeFunc.dll) is a true autostart entry; the CLSID\InprocServer32 entries register the adware DLLs as COM servers, the SearchScopes entries add mystartsearch as an Internet Explorer search provider, the Uninstall entries are the bundled installers' Add/Remove Programs records, and the StartMenuInternet shell\open\command entries make every Start-menu or default-browser launch open mystartsearch.com. In the URLs below, ts= is the Unix time of the analysis run (1437329702 is 19 July 2015) and uid= is derived from the disk model of the VMware analysis VM, so neither value is a usable indicator; match on the mystartsearch.com host, the CLSIDs, the DLL names and the service name instead:

HKLM\Software\Classes\CLSID\{5E8D8639-8670-4B53-8DDB-25F941013CCF}\InprocServer32\: "%Program Files%\CutThePrice\AGGTBmXYibS7ZT.dll"
HKLM\Software\Classes\CLSID\{DB078ED6-8972-4DE1-A995-04EBB30ECB03}\InprocServer32\: "%Program Files%\bestadblocker\Ps9q7f08xTmheE.dll"
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: "mystartsearch"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c5ce621e}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\PROGRA~1\INCLUD~1\INCLUD~1.DLL",_uninstall /un"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c5ce621e}\DisplayName: "AppendEdit"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: "bestadblocker"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: ""%Program Files%\bestadblocker\Ps9q7f08xTmheE.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}\DisplayName: "CutThePrice"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}\UninstallString: ""%Program Files%\CutThePrice\AGGTBmXYibS7ZT.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\DisplayName: "skyZIP Proxy"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\UninstallString: ""%Program Files%\skyZIP Proxy\skyZIP Proxy.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
HKLM\System\CurrentControlSet\Services\c5ce621e\ImagePath: ""%SysDir%\rundll32.exe" "c:\Program Files\IncludeFunc\IncludeFunc.dll",serv"
HKLM\System\CurrentControlSet\Services\c5ce621e\DisplayName: "IncludeFunc"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: "mystartsearch"
HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" http://www.mystartsearch.com/?type=sc&ts=1437329702&z=c22db4ea0ee69568903a5cag3z0c8m0cco5taqamco&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: ""%Program Files%\Google\Chrome\Application\chrome.exe" http://www.mystartsearch.com/?type=sc&ts=1437329702&z=c22db4ea0ee69568903a5cag3z0c8m0cco5taqamco&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: "%Program Files%\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1437329702&z=c22db4ea0ee69568903a5cag3z0c8m0cco5taqamco&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"
HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: ""%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe" http://www.mystartsearch.com/?type=sc&ts=1437329702&z=c22db4ea0ee69568903a5cag3z0c8m0cco5taqamco&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001"

Detected by UnHackMe:

APPENDEDIT.XYZ.EXE
Default location: %TEMP%\D340\TEMP\APPENDEDIT.XYZ.EXE

Dropper hash (MD5): 7c42e0a6fe09af9f5edf1af93e09dca5 (a copy of the dropper named after this hash, 7C42E0A6FE09AF9F5EDF1AF93E09DCA5.exe, appears in the created-files list above).
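Added example (not from the original write-up and not UnHackMe's code): a Python script that takes a `reg export` dump of the affected hives, parses its REG_SZ and REG_EXPAND_SZ values, and flags the indicators from the listing above together with two sample-independent heuristics, a StartMenuInternet launch command that carries a URL argument and a service whose ImagePath is rundll32.exe. The .reg text embedded in it is constructed for the demonstration (the service ImagePath is shortened), and the IOC_* constants and rule labels are the script's own.

```python
import re

# Indicators copied from the registry listing above; rule labels are this script's own.
IOC_CLSIDS = {
    "{5E8D8639-8670-4B53-8DDB-25F941013CCF}": "CutThePrice COM object",
    "{DB078ED6-8972-4DE1-A995-04EBB30ECB03}": "bestadblocker COM object",
    "{33BB0A4E-99AF-4226-BDF6-49120163DE86}": "mystartsearch search scope",
}
IOC_SERVICE = "c5ce621e"
IOC_DLLS = ("aggtbmxyibs7zt.dll", "ps9q7f08xtmhee.dll", "includefunc.dll")
IOC_DOMAIN = "mystartsearch.com"
SERVICE_RE = re.compile(r"\\services\\" + IOC_SERVICE + r"(\\|$)", re.I)
# Generic patterns, not tied to this sample's names.
STARTMENU_RE = re.compile(r"\\Clients\\StartMenuInternet\\[^\\]+\\shell\\open\\command$", re.I)
URL_RE = re.compile(r"https?://", re.I)

def _unescape(s):
    """Undo .reg string escaping: a backslash escapes the following character."""
    return re.sub(r"\\(.)", r"\1", s)

def _decode_value(data):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...) data; other types give None."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    if data.startswith("hex(2):"):
        octets = [h for h in data[7:].split(",") if h.strip()]
        return bytes(int(h, 16) for h in octets).decode("utf-16-le").rstrip("\x00")
    return None

def parse_reg_export(text):
    """Return (key, value_name, data) for every string value in a .reg export.
    Real exports are UTF-16 with a BOM: read the file with encoding="utf-16" first."""
    entries, key, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # hex dump continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (line.startswith('"') or line.startswith("@=")):
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else _unescape(name[1:-1])
            value = _decode_value(data)
            if value is not None:
                entries.append((key, name, value))
    return entries

def find_indicators(entries):
    """Return (rule, key, data) findings, at most one per rule and key."""
    findings = {}
    def hit(rule, key, data):
        findings.setdefault((rule, key), data)
    for key, name, data in entries:
        k, d = key.lower(), data.lower()
        for clsid, label in IOC_CLSIDS.items():
            if clsid.lower() in k:
                hit(label, key, data)
        if SERVICE_RE.search(key):
            hit("adware service " + IOC_SERVICE, key, data)
        if any(dll in d for dll in IOC_DLLS):
            hit("known adware DLL", key, data)
        if IOC_DOMAIN in d:
            hit("mystartsearch redirect", key, data)
        # The launcher command should be the browser alone; a URL argument means
        # every Start-menu or default-browser launch opens the hijacker's page.
        if name == "(Default)" and STARTMENU_RE.search(key) and URL_RE.search(data):
            hit("StartMenuInternet launch hijack", key, data)
        # Legitimate services are almost never hosted by rundll32.exe.
        if name.lower() == "imagepath" and "\\services\\" in k and "rundll32" in d:
            hit("service hosted by rundll32", key, data)
    return [(rule, key, data) for (rule, key), data in findings.items()]

# Constructed sample in `reg export` syntax, not a capture from the page's sandbox run.
# Values mirror the listing above; ImagePath is written the way reg.exe emits
# REG_EXPAND_SZ (hex(2), UTF-16LE, continued across lines) but shortened to
# "rundll32.exe IncludeFunc.dll,serv" to keep the dump readable.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5E8D8639-8670-4B53-8DDB-25F941013CCF}\InprocServer32]
@="C:\\Program Files\\CutThePrice\\AGGTBmXYibS7ZT.dll"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\c5ce621e]
"DisplayName"="IncludeFunc"
"ImagePath"=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,\
  65,00,20,00,49,00,6e,00,63,00,6c,00,75,00,64,00,65,00,46,00,75,00,6e,00,63,00,\
  2e,00,64,00,6c,00,6c,00,2c,00,73,00,65,00,72,00,76,00,00,00

[HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" http://www.mystartsearch.com/?type=sc&from=wpc"

[HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler]
"ImagePath"="C:\\Windows\\System32\\spoolsv.exe"
'''

if __name__ == "__main__":
    for rule, key, data in find_indicators(parse_reg_export(SAMPLE_REG)):
        print(f"[{rule}] {key} -> {data}")
```

On a live host, export the hives first (for example `reg export HKLM\Software\Clients\StartMenuInternet sm.reg` and the Services and Classes\CLSID keys the same way), then pass the decoded file contents to parse_reg_export. The two generic rules are the ones worth keeping after this particular sample is gone: the hijacked launch command and the rundll32-hosted service fire regardless of the random directory and file names the installers choose.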

Written by Malware Hunter.
