Generic3.ZD


Generic3.ZD is also known as Trojan.Stpage.Y, W32/FaceCool.F and W32/Trojan.XRD.

Malware Analysis of Generic3.ZD – EZ.EXE

Created files:

%Profile%\Local Settings\DNALSI_AKGNAB.exe
%Profile%\Local Settings\DNALSI_AKGNAB.exe.mutant
%Profile%\Local Settings\ez.exe
%Profile%\Local Settings\Mr_CF_Mutation.Excalibur
%Personal%\Mutation.htm

Autostart registry keys. Value data is given as dumped; the value Windows actually reads ends at the first NUL (00) byte, and anything after that terminator is leftover buffer content that Windows ignores but which still names other artefacts of the infection:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsl
    decoded: yqh.exe
    after the terminator: lsl, pgd, mrv, r{j
    raw: 79 71 68 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 00 6C 73 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 67 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6D 72 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 7B 6A 00 00 00 00 00 00 00 00 00 00 00 00

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alumni_Smoensa_Pangkalpinang
    decoded: Mr_CoolFace
    after the terminator: Billinet Client Login, IrentiaClient, IndoBillingClient, Client010, Client008, Pro (dump truncated)
    raw: 4D 72 5F 43 6F 6F 6C 46 61 63 65 00 42 69 6C 6C 69 6E 65 74 20 43 6C 69 65 6E 74 20 4C 6F 67 69 6E 00 00 00 49 72 65 6E 74 69 61 43 6C 69 65 6E 74 00 00 00 49 6E 64 6F 42 69 6C 6C 69 6E 67 43 6C 69 65 6E 74 00 00 00 43 6C 69 65 6E 74 30 31 30 00 00 00 43 6C 69 65 6E 74 30 30 38 00 00 00 50 72 6F

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My_Old_Class
    decoded: 3IPA2.pif
    after the terminator: Alumni_Smoensa_Pangkalpinang, \3IPA2.pif, Userinit, "\userinit.exe, ", shell\Auto\comm (dump truncated)
    raw: 33 49 50 41 32 2E 70 69 66 00 00 00 41 6C 75 6D 6E 69 5F 53 6D 6F 65 6E 73 61 5F 50 61 6E 67 6B 61 6C 70 69 6E 61 6E 67 00 00 00 00 5C 33 49 50 41 32 2E 70 69 66 00 00 55 73 65 72 69 6E 69 74 00 00 00 00 5C 75 73 65 72 69 6E 69 74 2E 65 78 65 2C 20 00 73 68 65 6C 6C 5C 41 75 74 6F 5C 63 6F 6D 6D

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ez.exe
    decoded: C:\Documents and Settings\Administrator\Local Settings\ez.exe
    after the terminator: non-text bytes only
    raw: 43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 20 53 65 74 74 69 6E 67 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 4C 6F 63 61 6C 20 53 65 74 74 69 6E 67 73 5C 65 7A 2E 65 78 65 00 00 00 00 88 79 7F 5A 00 00 00 00 10 00 00 5C 00 00 00 0F 00 00 00 88 07 41 00 00 00 00 00 00 00 14 00 00 00 00

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    decoded: explorer.exe "C:\explorer.exe"
    raw: 65 78 70 6C 6F 72 65 72 2E 65 78 65 20 22 43 3A 5C 65 78 70 6C 6F 72 65 72 2E 65 78 65 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    value: "%SysDir%\userinit.exe, C:\explorer.exe"

HKCU\Control Panel\Desktop\SCRNSAVE.EXE
    decoded: MR_COO~1.SCR (an 8.3 short name; the long file name is not in the listing)
    raw: 4D 52 5F 43 4F 4F 7E 31 2E 53 43 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The two Winlogon values are the part of this persistence that outlives deleting the Run entries. Their stock contents are Shell = explorer.exe and Userinit = %SysDir%\userinit.exe, (with the trailing comma); here both have been extended to also start C:\explorer.exe, a file in the root of the system drive rather than the genuine %SystemRoot%\explorer.exe, so it is launched again at every logon until both values are restored to their defaults and that file is removed.
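The dumps above can be turned into something checkable by machine. The following is an added example, not code from the page or from UnHackMe: it decodes the hex value dumps (first NUL-terminated string, plus any printable runs left behind after the terminator) and audits Winlogon Shell/Userinit strings against their stock contents. The dumps embedded in it are copied from the listing above; the key names are abbreviated, and nothing is read from a live registry.

```python
import re

# Raw value data as the page prints it (hex byte dumps), copied from the
# listing above. Sample input embedded for an offline run; keys abbreviated.
DUMPS = {
    "Run\\lsl": (
        "79 71 68 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 00 "
        "6C 73 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 67 64 "
        "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6D 72 76 "
        "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 7B 6A "
        "00 00 00 00 00 00 00 00 00 00 00 00"
    ),
    "Run\\Alumni_Smoensa_Pangkalpinang": (
        "4D 72 5F 43 6F 6F 6C 46 61 63 65 00 42 69 6C 6C 69 6E 65 74 20 43 6C 69 "
        "65 6E 74 20 4C 6F 67 69 6E 00 00 00 49 72 65 6E 74 69 61 43 6C 69 65 6E "
        "74 00 00 00 49 6E 64 6F 42 69 6C 6C 69 6E 67 43 6C 69 65 6E 74 00 00 00 "
        "43 6C 69 65 6E 74 30 31 30 00 00 00 43 6C 69 65 6E 74 30 30 38 00 00 00 "
        "50 72 6F"
    ),
    "Winlogon\\Shell": (
        "65 78 70 6C 6F 72 65 72 2E 65 78 65 20 22 43 3A 5C 65 78 70 6C 6F 72 65 "
        "72 2E 65 78 65 22 00 00 00 00"
    ),
    "Desktop\\SCRNSAVE.EXE": "4D 52 5F 43 4F 4F 7E 31 2E 53 43 52 00 00 00 00",
}


def decode_value(dump):
    """The string Windows actually uses: everything before the first NUL."""
    return bytes.fromhex(dump).split(b"\x00", 1)[0].decode("ascii", "replace")


def residual_strings(dump, min_len=3):
    """Printable runs after the first NUL. Windows ignores them, but in a dump
    they come from the writer's own buffer and often name its other artefacts."""
    data = bytes.fromhex(dump)
    tail = data.split(b"\x00", 1)[1] if b"\x00" in data else b""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, tail)]


def audit_winlogon(shell, userinit):
    """Report every program Winlogon would start beyond the stock values
    Shell = explorer.exe and Userinit = <system32>\\userinit.exe, ."""
    findings = []
    # Shell is a command line; quoted paths may contain spaces.
    for tok in re.findall(r'"[^"]*"|\S+', shell):
        prog = tok.strip('"')
        if prog.lower() != "explorer.exe":
            findings.append("Shell: " + prog)
    # Userinit is a comma-separated list; only userinit.exe belongs there.
    for entry in userinit.split(","):
        prog = entry.strip().strip('"')
        if prog and not prog.lower().endswith("\\userinit.exe"):
            findings.append("Userinit: " + prog)
    return findings


def report(dumps=DUMPS):
    """Map each key to (decoded value, strings left after the terminator)."""
    return {key: (decode_value(d), residual_strings(d)) for key, d in dumps.items()}


if __name__ == "__main__":
    for key, (value, extra) in report().items():
        print(f"{key}: {value!r}  after terminator: {extra}")
    # Userinit is taken from the page's own string value, with its placeholder.
    for finding in audit_winlogon(decode_value(DUMPS["Winlogon\\Shell"]),
                                  r"%SysDir%\userinit.exe, C:\explorer.exe"):
        print("finding:", finding)
```

The audit treats anything in Shell other than explorer.exe, and anything in Userinit other than a userinit.exe entry, as a finding; on a cleaned machine it should return nothing, which makes it a quick post-removal check for the two Winlogon values.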

Detected by UnHackMe:

EZ.EXE
Default location: %PROFILE%\LOCAL SETTINGS\EZ.EXE

Dropper hash(md5): 2abe1376497326eda9b043c4ebf4bf1f

Written by Malware Hunter.

