Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware.UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!
Trojan.GenericKDV.1049007 also known as Trojan.Win32.Generic, Trojan.Annoy.135, Generic PUA CM.
Malware Analysis of Trojan.GenericKDV.1049007
Created files:
%WinDir%\NHE\desknav\desk.ico
%WinDir%\NHE\desknav\ieconfig.ini
%WinDir%\NHE\desknav\nav.exe
%WinDir%\NHE\desknav\nav.txt
%WinDir%\NHE\desknav\qwerw.exe
Autostart registry keys:
HKLM\Software\Classes\CLSID\{9A4DDA61-1D3A-49B7-9849-DAC6CD30A393}\InprocServer32\: “%WinDir%\NHE\ads\urlnav.dll”
HKLM\System\CurrentControlSet\Services\WebNdis\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\WebNdis\Type: 0x00000001
HKLM\System\CurrentControlSet\Services\WebNdis\Start: 0x00000003
HKLM\System\CurrentControlSet\Services\WebNdis\ErrorControl: 0x00000001
HKLM\System\CurrentControlSet\Services\WebNdis\ImagePath: “\??\%SysDir%\drivers\WebNdis.sys”
HKLM\System\CurrentControlSet\Services\WebNdis\DisplayName: “WebNdis”
Detected by UnHackMe:
NAV.EXE
Default location: %WinDir%\NHE\DESKNAV\NAV.EXE
UnHackMe
removes malware invisible for your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.