W32/Trojan.GIZN-0139 also known as Adware.Mutabaha.907.
Malware Analysis of W32/Trojan.GIZN-0139 – NPITOOLS.DLL
Created files:
%Program Files%\iTools 3\Extensions\iToolsBHO.dll
%Program Files%\iTools 3\Extensions\iToolsBHO64.dll
%Program Files%\iTools 3\Extensions\npiTools.dll
%Program Files%\iTools 3\FileExplorer.dll
%Program Files%\iTools 3\GiCloud.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\InprocServer32\: “%Program Files Common%\Apple\Mobile Device Support\OutlookChangeNotifierAddIn.dll”
HKLM\Software\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32\: “”%Program Files Common%\Apple\Apple Application Support\APSDaemon.exe””
HKLM\Software\Classes\CLSID\{CE6AF8E5-3A75-4AF5-BD59-C42E7228B4F4}\LocalServer32\: “%Program Files Common%\Apple\Apple Application Support\secd.exe”
HKLM\Software\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32\: “”%Program Files Common%\Apple\Apple Application Support\APSDaemon.exe””
HKLM\Software\Classes\CLSID\{E1499FE7-129D-4B6E-B681-DDF21E14172C}\InprocServer32\: “%Program Files%\iTools 3\Extensions\iToolsBHO.dll”
HKLM\Software\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32\: “”%Program Files Common%\Apple\Apple Application Support\APSDaemon.exe””
HKLM\Software\Classes\itsp\shell\open\command\: “%Program Files%\iTools 3\Extensions\..\iAppInst.exe /open “%1””
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A9A0A510FC6EEE4E82190B6339FC27A\InstallProperties\UninstallString: “MsiExec.exe /I{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A9A0A510FC6EEE4E82190B6339FC27A\InstallProperties\DisplayName: “Apple Mobile Device Support”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AAF2C5EFD81190545BD1F317CCE9B1E3\InstallProperties\UninstallString: “MsiExec.exe /I{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AAF2C5EFD81190545BD1F317CCE9B1E3\InstallProperties\DisplayName: “Apple Application Support (32-bit)”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iTools 3\DisplayName: “iTools 3 V3.3.4.2”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iTools 3\UninstallString: “%Program Files%\iTools 3\uninst.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}\UninstallString: “MsiExec.exe /I{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}\DisplayName: “Apple Mobile Device Support”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}\UninstallString: “MsiExec.exe /I{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}\DisplayName: “Apple Application Support (32-bit)”
HKLM\System\CurrentControlSet\services\Apple Mobile Device\ImagePath: “”%Program Files Common%\Apple\Mobile Device Support\AppleMobileDeviceService.exe””
HKLM\System\CurrentControlSet\services\Apple Mobile Device\DisplayName: “Apple Mobile Device”
Detected by UnHackMe:
NPITOOLS.DLL
Default location: %PROGRAM FILES%\ITOOLS 3\EXTENSIONS\NPITOOLS.DLL
Dropper hash (MD5): 12278a18fd2130be170afb8062603716