malicious_confidence_83% (D)


malicious_confidence_83% (D) also known as W32.HfsAdware.4B8A.

Malware Analysis of malicious_confidence_83% (D) – GGCHAT.EXE

Created files:

%Program Files%\GuaGua\GuaGua\FnncRoomUI.ocx
%Program Files%\GuaGua\GuaGua\gdiplus.dll
%Program Files%\GuaGua\GuaGua\GGChat.exe
%Program Files%\GuaGua\GuaGua\GGOle.dll
%Program Files%\GuaGua\GuaGua\IconToolTip.exe

Autostart registry keys:

HKLM\SOFTWARE\CLASSES\CLSID\{2ABA835A-91F2-4CD0-9B49-BD9472D816D3}\INPROCSERVER32\: "%SYSTEMDRIVE%\PROGRA~1\GUAGUA\GUAGUA\CHATRO~1.OCX"
HKLM\SOFTWARE\CLASSES\CLSID\{4CA44207-7A87-41B6-8EAE-8EAE0AEB9BFB}\INPROCSERVER32\: "%SYSTEMDRIVE%\PROGRA~1\GUAGUA\GUAGUA\FNNCRO~1.OCX"
HKLM\SOFTWARE\CLASSES\CLSID\{DBB1188D-ED03-4922-9FD0-DD7BB1F0A838}\INPROCSERVER32\: "%SYSTEMDRIVE%\PROGRA~1\GUAGUA\GUAGUA\FNNCRO~1.OCX"
HKLM\SOFTWARE\CLASSES\CLSID\{DC14C3A8-5EFA-47F9-B578-E00AF30098FD}\INPROCSERVER32\: "%SYSTEMDRIVE%\PROGRA~1\GUAGUA\GUAGUA\PLAYER\PLAYER~1.OCX"
HKLM\SOFTWARE\CLASSES\CLSID\{F1B937E4-CB1F-420B-9B71-04C95702531D}\INPROCSERVER32\: "%SYSTEMDRIVE%\PROGRA~1\GUAGUA\GUAGUA\PLAYER\PLAYER~1.OCX"
HKLM\Software\Classes\caijingroom\shell\open\command\: ""%Program Files%\GuaGua\GuaGua\ChatHall.exe" %1"
HKLM\Software\Classes\guaguaclub\shell\open\command\: ""%Program Files%\GuaGua\GuaGua\ChatHall.exe" %1"
HKLM\Software\Classes\guaguaplayer\shell\open\command\: ""%Program Files%\GuaGua\GuaGua\Player\GGPlayer.exe" %1"
HKLM\Software\Classes\guaguaroom\shell\open\command\: ""%Program Files%\GuaGua\GuaGua\ChatHall.exe" %1"

Detected by UnHackMe:

GGCHAT.EXE
Default location: %PROGRAM FILES%\GUAGUA\GUAGUA\GGCHAT.EXE

Dropper hash(md5): 9617dc9f3dafe714677cfbc310cb1e09

Written by Malware Hunter.
