Trojan.Win32.Generic.deaipi


Trojan.Win32.Generic.deaipi is also known as a variant of Win32/SweetIM.L and as Sweetpacks/SweetIM (fs).

Malware Analysis of Trojan.Win32.Generic.deaipi – MGLOGGER.DLL

Created files:

%Program Files%\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
%Program Files%\SweetIM\Toolbars\Internet Explorer\mghooking.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mglogger.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\InprocServer32\: “%Program Files%\Updater By SweetPacks\Extension32.dll”
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\InprocServer32\: “%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll”
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\InprocServer32\: “%Program Files%\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll”
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32\: “%Program Files%\SweetIM\Toolbars\Internet Explorer\mgHelper.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9\InstallProperties\UninstallString: “MsiExec.exe /X{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9\InstallProperties\DisplayName: “Internet Explorer Toolbar 4.9 by SweetPacks”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1\DisplayName: “Updater By SweetPacks 2.0.0.608”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1\UninstallString: “”%Program Files%\Updater By SweetPacks\unins000.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\UninstallString: “MsiExec.exe /X{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}\DisplayName: “Internet Explorer Toolbar 4.9 by SweetPacks”
HKLM\System\CurrentControlSet\Services\Updater By SweetPacks\ImagePath: “%Program Files%\Updater By SweetPacks\ExtensionUpdaterService.exe”
HKLM\System\CurrentControlSet\Services\Updater By SweetPacks\DisplayName: “Updater By SweetPacks”

Detected by UnHackMe:

MGLOGGER.DLL
Default location: %PROGRAM FILES%\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGLOGGER.DLL

Dropper hash (MD5): 4a29443900c8f242e517a2a51b79ac33

Written by Malware Hunter.
