Trojan.Win32.Generic.deaipi is also known as a variant of Win32/SweetIM.L and Sweetpacks/SweetIM (fs).
Malware Analysis of Trojan.Win32.Generic.deaipi – MGLOGGER.DLL
Created files:
%Program Files%\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
%Program Files%\SweetIM\Toolbars\Internet Explorer\mghooking.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mglogger.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\InprocServer32\: "%Program Files%\Updater By SweetPacks\Extension32.dll"
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\InprocServer32\: "%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\InprocServer32\: "%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32\: "%Program Files%\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9\InstallProperties\UninstallString: "MsiExec.exe /X{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9\InstallProperties\DisplayName: "Internet Explorer Toolbar 4.9 by SweetPacks"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1\DisplayName: "Updater By SweetPacks 2.0.0.608"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1\UninstallString: ""%Program Files%\Updater By SweetPacks\unins000.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\UninstallString: "MsiExec.exe /X{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\DisplayName: "Internet Explorer Toolbar 4.9 by SweetPacks"
HKLM\System\CurrentControlSet\Services\Updater By SweetPacks\ImagePath: "%Program Files%\Updater By SweetPacks\ExtensionUpdaterService.exe"
HKLM\System\CurrentControlSet\Services\Updater By SweetPacks\DisplayName: "Updater By SweetPacks"
Detected by UnHackMe:
MGLOGGER.DLL
Default location: %PROGRAM FILES%\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGLOGGER.DLL
Dropper hash (MD5): 4a29443900c8f242e517a2a51b79ac33