Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

Alex NightWatcher: Solved! (5 / 5)

Malware Analysis of TROJ_GEN.F47V0325

Created files:

%Common Startmenu%\Programs\PDFCreator\Translation Tool.lnk
%Program Files%\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
%Program Files%\GamesRS\GUpdater.exe
%Program Files%\GamesRS\msvcp100.dll
%Program Files%\GamesRS\msvcr100.dll

Autostart registry keys:

HKLM\Software\Classes\sdp\shell\open\command\: “”%Local Appdata%\FilesFrog Update Checker\update_checker.exe” /protocol %1″
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d82e4a1b-8ba4-4c85-895c-05e6d3e49e2e}\DisplayName: “Search Protect Search”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1place.org Games_is1\DisplayName: “1place.org Games version 1.4”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1place.org Games_is1\UninstallString: “”%Local Appdata%\1place.org Games\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BaseFlash\DisplayName: “BaseFlash”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BaseFlash\UninstallString: “%Appdata%\BaseFlash\uninstallkit.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker\DisplayName: “FilesFrog Update Checker”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker\UninstallString: “%Local Appdata%\FilesFrog Update Checker\uninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\DisplayName: “SpeedUpMyComputer”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\UninstallString: “%Program Files%\SmartTweak\SpeedUpMyComputer\uninst.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage\DisplayName: “VO Package”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage\UninstallString: “”%Appdata%\VOPackage\uninstall.exe””
HKLM\System\CurrentControlSet\Services\GamesRS\ImagePath: “%Program Files%\GamesRS\GUpdater.exe”
HKLM\System\CurrentControlSet\Services\GamesRS\DisplayName: “GamesRS”
HKLM\System\CurrentControlSet\Services\srvProtectExtension\ImagePath: “%Appdata%\BaseFlash\protect\ProtectExtension.exe”
HKLM\System\CurrentControlSet\Services\srvProtectExtension\DisplayName: “Protect your browser’s extensions and plugins”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d82e4a1b-8ba4-4c85-895c-05e6d3e49e2e}\DisplayName: “Search Protect Search”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SDP: “%Local Appdata%\FilesFrog Update Checker\update_checker.exe /auto ”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SpeedUpMyComputer: “%Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as”

Detected by UnHackMe:

GUPDATER.EXE
Default location: %PROGRAM FILES%\GAMESRS\GUPDATER.EXE

Dropper hash(md5): 4def86e1354d17a8d0f8fb4684416857

Written by NightWatcher

Malware Hunter.
Google+

UnHackMe removes malware invisible for your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.