PUA.InstallCore!

PUA.InstallCore! is also known as a variant of Win32/InstallCore.FJ and as PUP.Optional.InstallCore.A.

Malware Analysis of PUA.InstallCore!

Created files:

%Personal%\Downloads\p90x.exe
%Personal%\Downloads\skype.exe
%Personal%\Downloads\skype_en.exe
%Sendto%\Skype.lnk
%Common Appdata%\Skype\Apps\login\css\login.css

Autostart registry keys:


Written by Malware Hunter.
