Win32.Trojan.Falsesign.Ljka

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!


Win32.Trojan.Falsesign.Ljka also known as Win32:Mindspark-A [PUP], Adware.Toolbar.Win32.958.

Malware Analysis of Win32.Trojan.Falsesign.Ljka – BFFEEDMG.DLL

Created files:

%Program Files%\SnapMyScreen_bf\bar\1.bin\bfdlghk.dll
%Program Files%\SnapMyScreen_bf\bar\1.bin\bfdlghk64.dll
%Program Files%\SnapMyScreen_bf\bar\1.bin\bffeedmg.dll
%Program Files%\SnapMyScreen_bf\bar\1.bin\bfhighin.exe
%Program Files%\SnapMyScreen_bf\bar\1.bin\bfhtmlmu.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{2bd24259-5294-4e0d-8469-27ce1158c272}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfSrcAs.dll"
HKLM\Software\Classes\CLSID\{3e991f5f-77b8-4e48-ba4e-7ba426ffb036}\InprocServer32\: "C:\PROGRA~1\SNAPMY~1\bar\1.bin\bfbar.dll"
HKLM\Software\Classes\CLSID\{56c33cec-cd9d-4656-8900-379b4bfe3190}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfskin.dll"
HKLM\Software\Classes\CLSID\{6c7b31f7-a830-4c86-a7a1-b2e1b1253547}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\T8HTML.DLL"
HKLM\Software\Classes\CLSID\{8032b822-5453-479b-ae28-47d2b62de44d}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfskin.dll"
HKLM\Software\Classes\CLSID\{82c80e87-9daa-4b04-8455-aac9ea10f2b0}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bffeedmg.dll"
HKLM\Software\Classes\CLSID\{9646c642-4bbc-49b9-b332-f1073541e3e1}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfskin.dll"
HKLM\Software\Classes\CLSID\{a7567cad-49ed-4aed-94a8-4dcc24895222}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfmlbtn.dll"
HKLM\Software\Classes\CLSID\{aec668ad-ff7e-46b9-b11f-4a6b297e4cd2}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfdatact.dll"
HKLM\Software\Classes\CLSID\{b8d6859e-e323-412c-89ff-9b05d262749a}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfhttpct.dll"
HKLM\Software\Classes\CLSID\{bd3b52cc-c53d-49b5-bceb-84b18ec2f48d}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfdlghk.dll"
HKLM\Software\Classes\CLSID\{bdffe389-a538-42f1-b36b-cbfb78e2d7fc}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfscript.dll"
HKLM\Software\Classes\CLSID\{c4d86c62-bcee-4886-9fb9-34b1db677726}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfbprtct.dll"
HKLM\Software\Classes\CLSID\{CAA1A27E-E33D-4D25-A24F-618D516FB671}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfhtmlmu.dll"
HKLM\Software\Classes\CLSID\{cd2389ad-e520-4db8-b436-fc082ee7d98c}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfbar.dll"
HKLM\Software\Classes\CLSID\{f3b5e712-c267-49e0-8dfd-5b182ff08d90}\InprocServer32\: "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfbar.dll"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SnapMyScreen: "%Program Files%\Mindspark\SnapMyScreen\SnapMyScreen.exe /hidden"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark SnapMyScreen\DisplayName: ""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mindspark SnapMyScreen\UninstallString: ""%Program Files%\Mindspark\SnapMyScreen\uninstall.exe" "/U:%Program Files%\Mindspark\SnapMyScreen\Uninstall\uninstall.xml""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SnapMyScreen_bfbar Uninstall Internet Explorer\DisplayName: "SnapMyScreen Toolbar & Supporting Application"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SnapMyScreen_bfbar Uninstall Internet Explorer\UninstallString: "rundll32 "%Program Files%\SnapMyScreen_bf\bar\1.bin\bfBar.dll",O mindsparktoolbarkey="SnapMyScreen_bf" uninstalltype=IE"
HKLM\Software\SnapMyScreen_bf\bar\UninstallString: ""%Program Files%\SnapMyScreen_bf\bar\1.bin\bfhighin.exe" bfbar.dll,O uninstalltype=IE"
HKLM\System\CurrentControlSet\Services\SnapMyScreen_bfService\ImagePath: "C:\PROGRA~1\SNAPMY~1\bar\1.bin\bfbarsvc.exe"
HKLM\System\CurrentControlSet\Services\SnapMyScreen_bfService\DisplayName: "SnapMyScreen Service"
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1f0dedf9-40da-40ad-ab2f-e538573fa7fc}\DisplayName: "Ask Web Search"

Detected by UnHackMe:

BFFEEDMG.DLL
Default location: %PROGRAM FILES%\SNAPMYSCREEN_BF\BAR\1.BIN\BFFEEDMG.DLL

Dropper hash(md5): bca5bb7895fd3197d4080781ce8a8fe8

Written by Malware Hunter.

UnHackMe removes malware that is invisible to your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10. UnHackMe uses a minimum of computer resources.
