Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware.
UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!
(5 / 5)
BehavesLike.Win32.Autorun.tc also known as Trojan.Generic.13115040, Suspicious_GEN.F47V0403.
Malware Analysis of BehavesLike.Win32.Autorun.tc – EYEWSGUARD_345.EXE
Created files:
%Temp%\7.tmp
%Temp%\adb.log
%Temp%\eyeWSGuard_345.exe
%Temp%\is-39H9S.tmp\setup_sc150015.tmp
%Temp%\is-UBVKH.tmp\botva2.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{09571A4B-F1FE-4C60-9760-DE6D310C7C31}\InprocServer32\: “%Program Files%\kuwo\kuwomusic\bin\CoreAVC0.ax”
HKLM\Software\Classes\CLSID\{345CAA15-4F12-4A28-AFE9-383625563A83}\InprocServer32\: “%Program Files%\kuwo\kuwomusic\bin\CoreAVC0.ax”
HKLM\Software\Classes\CLSID\{40D1050C-16B1-445B-80CE-5E172A92A851}\InprocServer32\: “%Program Files%\kuwo\kuwomusic\bin\Kuwo.QuickLaunch.dll”
HKLM\Software\Classes\CLSID\{F23B1F18-CB1A-47ED-A1FE-B60494A626D0}\InprocServer32\: “%Program Files%\kuwo\kuwomusic\bin\CoreAVC0.ax”
HKLM\Software\Classes\kuwo\Shell\open\command\: “”%Program Files%\kuwo\kuwomusic\KwMusic.exe” “%1″”
HKLM\Software\Classes\kwfile_AAC\shell\open\command\: “”%Program Files%\kuwo\kuwomusic\KwMusic.exe” “%1″”
HKLM\Software\Classes\kwfile_dks\shell\open\command\: “”%Program Files%\kuwo\kuwomusic\KwMusic.exe” “%1″”
HKLM\Software\Classes\kwfile_lrc\shell\open\command\: “”%Program Files%\kuwo\kuwomusic\KwMusic.exe” “%1″”
HKLM\Software\Classes\kwfile_lrcx\shell\open\command\: “”%Program Files%\kuwo\kuwomusic\KwMusic.exe” “%1″”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MySoftware: “%WinDir%\tanchishe.exe auto”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kwmusic: “”%Program Files%\kuwo\kuwomusic\Kwmusic.exe” /autorun”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xckzx: “%Appdata%\xckzx\xckzx.exe /start”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SimnyNews: “%Appdata%\SimnyNews\SimnyNews.exe /ZiqiD”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\aidian\DisplayName: “aidian 1”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\aidian\UninstallString: “%Program Files%\aidian\uninst.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KwMusic7\UninstallString: “%Program Files%\kuwo\kuwomusic\uninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KwMusic7\DisplayName: “?aIOOoAO 2014”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mile: “%Program Files%\mile\mile.exe autostart”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pseerun: “%Program Files%\SeCaiKanKan\PSeeSpeed.exe apprun”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\EyeAnti345181742: “”%Appdata%\GreenEye\1.3.0.1305\GreenEye.exe” /deamon”
HKLM\Software\Classes\CLSID\{82d353df-90bd-4382-8bc2-3f6192b76e34}\InprocServer32\: “%SysDir%\wmvdecod.dll”
Detected by UnHackMe:
EYEWSGUARD_345.EXE
Default location: %TEMP%\EYEWSGUARD_345.EXE
Dropper hash(md5): 8b7cda3b3036bcb243feaf210095c6ff
UnHackMe
removes malware invisible for your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.