Generic_r.DJR

malware No Comments

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved! 5 Stars (5 / 5)

Generic_r.DJR also known as WS.Reputation.1, Gen:Variant.Kazy.320552.

Malware Analysis of Generic_r.DJR

Created files:

%Temp%\__tmp_3c23ef57
%Common Appdata%\KeepnBrowse\KeepnBrowse.dll
%Common Appdata%\KeepnBrowse\KeepnBrowseSvc.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{615eb58f}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\KEEPNB~1\KEEPNB~1.DLL”,_uninstall /un”
HKLM\System\CurrentControlSet\Services\615eb58f\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\615eb58f\Type: 0x00000010
HKLM\System\CurrentControlSet\Services\615eb58f\Start: 0x00000002
HKLM\System\CurrentControlSet\Services\615eb58f\ErrorControl: 0x00000000
HKLM\System\CurrentControlSet\Services\615eb58f\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\keepnb~1\KeepnBrowseSvc.dll”,service”
HKLM\System\CurrentControlSet\Services\615eb58f\DisplayName: “KeepnBrowse”
HKLM\System\CurrentControlSet\Services\615eb58f\ObjectName: “LocalSystem”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\keepnb~1\keepnb~1.dll”

Detected by UnHackMe:

KEEPNBROWSE.DLL
Default location: %COMMON APPDATA%\KEEPNBROWSE\KEEPNBROWSE.DLL

Dropper hash(md5): ea55d61fbc0f20cc7a080945e4a5331c

Written by 

Malware Hunter.

UnHackMe removes malware invisible for your antivirus!

Free Download

1
UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera