PUP.Optional.SoundPlusPro

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!


PUP.Optional.SoundPlusPro is also known as HEUR:Trojan.Win32.Generic, PE:Malware.Generic/QRS!1.9E2D [F] and HEUR/QVM03.0.Malware.Gen.

Malware Analysis of PUP.Optional.SoundPlusPro – WIZZUPDATER.EXE

Created files:

%Local Appdata%\Amigo\User Data\Safe Browsing UwS List
%Local Appdata%\Amigo\User Data\Safe Browsing UwS List Prefix Set
%Local Appdata%\gmsd_ru_006010228\Download\wizzupdater.exe
%Local Appdata%\gmsd_ru_006010228\gmsd_ru_006010228\1.10\cnf.cyl
%Local Appdata%\gmsd_ru_006010228\gmsd_ru_006010228\1.10\eorezo.cyl

Autostart registry keys (value data shown as stored):

HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\: %Program Files%\7-Zip\7-zip.dll
HKLM\Software\Classes\AmigoHTML.NARYC4MAR452DWMECJZECYNNAA\shell\open\command\: "%Local Appdata%\Amigo\Application\amigo.exe" -- "%1"
HKLM\Software\Clients\StartMenuInternet\amigo.exe\shell\open\command\: "%Local Appdata%\Amigo\Application\amigo.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gmsd_ru_006010228: "%Program Files%\gmsd_ru_006010228\gmsd_ru_006010228.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upgmsd_ru_006010228.exe: %Local Appdata%\gmsd_ru_006010228\upgmsd_ru_006010228.exe -runhelper
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\network_inmedia_1: (empty)
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName: 7-Zip 9.20
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\UninstallString: "%Program Files%\7-Zip\Uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_ru_006010228_is1\DisplayName: GamesDesktop 033.006010228
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_ru_006010228_is1\UninstallString: "%Program Files%\gmsd_ru_006010228\unins000.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall sto\UninstallString: "%Program Files%\SearchesToYesbnd\unIns.exe" /cf={A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall sto\DisplayName: yessearches Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}\DisplayName: Setup
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_ru_006010228_is1\UninstallString: "%Program Files%\gmsd_ru_006010228\gmsd_ru_006010228 - uninstall.exe"
HKLM\System\CurrentControlSet\Services\ggbugreport\ImagePath: "%Program Files%\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428}
HKLM\System\CurrentControlSet\Services\ggbugreport\DisplayName: ggbugreport
HKLM\System\CurrentControlSet\Services\Updater.Mail.Ru\ImagePath: %Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s
HKLM\System\CurrentControlSet\Services\Updater.Mail.Ru\DisplayName: Updater.Mail.Ru
HKLM\System\CurrentControlSet\Services\Winsere\ImagePath: "%Program Files%\Winsere\Winsere\Winsere.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
HKLM\System\CurrentControlSet\Services\Winsere\DisplayName: Winsere
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\amigo: %Local Appdata%\Amigo\Application\amigo.exe --no-startup-window
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MailRuUpdater: %Local Appdata%\Mail.Ru\MailRuUpdater.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer\UninstallString: %Local Appdata%\Unity\WebPlayer\Uninstall.exe /CurrentUser
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer\DisplayName: Unity Web Player
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater\UninstallString: %Local Appdata%\Mail.Ru\MailRuUpdater.exe uninstall
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo\UninstallString: "%Local Appdata%\Amigo\Application\44.4.2403.3\Installer\setup.exe" --uninstall
HKCU\Software\Amigo\UninstallString: %Local Appdata%\Amigo\Application\44.4.2403.3\Installer\setup.exe

Detected by UnHackMe:

WIZZUPDATER.EXE
Default location: %LOCAL APPDATA%\GMSD_RU_006010228\DOWNLOAD\WIZZUPDATER.EXE

Dropper hash (MD5): f375353f47113765a519ad499c17b5f7

Written by Malware Hunter.

UnHackMe removes malware that is invisible to your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10. UnHackMe uses a minimum of computer resources.
