Email-Worm.Ridnu


Email-Worm.Ridnu is also detected under the names Worm/Ridnu.E, Riskware and the generic heuristic name "probably unknown NewHeur_PE".

Malware Analysis of Email-Worm.Ridnu – TCVHJ.EXE

Created files:

%Profile%\Local Settings\AKGNAB_UALUP.exe.FrontMission3
%Profile%\Local Settings\Mr_CF_Mutation.SaveTheQueen
%Profile%\Local Settings\tcvhj.exe
%Personal%\Mutation.htm
%Personal%\Mutation.scr

Autostart registry keys (values decoded from the hex dump; the registry data is the first NUL-terminated string, and readable strings that followed it in the dump buffer are listed separately because they are capture overrun rather than registry content):

HKLM\Software\Classes\VBSFile\Shell\Open\Command\(Default): "C:\explorer.exe" "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alumni_Smoensa_Pangkalpinang: Mr_CoolFace
    overrun strings: Did You Miss Me... My Princess / The Prince is Asking a Question / Irma Triana / inf4D2.tmp
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My_Old_Class: 3IPA2.SMANSA.PKP.exe
    overrun strings: Alumni_Smoensa_Pangkalpinang / \3IPA2.SMANSA.PKP.exe / WindowsSecurityServ (cut off by the dump)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSecurityService: C:\WINDOWS\services.exe
    overrun strings: 2.SMANSA.PKP.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gaa: urj.exe
    overrun strings: gaa / eww / wpa / uxc
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Penylethylamine: C:\Documents and Settings\Administrator\Local Settings\Application Data\Emma.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Paradiso_Perduto: SMUNSA_PANGKALPINANG_BANGKA
    overrun strings: Penylethylamine / Mr_CoolFace.scr / explorer.exe / \Mr_CoolFace.scr
HKLM\Software\Classes\batfile\shell\open\command\(Default): "C:\explorer.exe" "%1" %*
HKLM\Software\Classes\comfile\shell\open\command\(Default): "C:\explorer.exe" "%1" %*
HKLM\Software\Classes\piffile\shell\open\command\(Default): "C:\explorer.exe" "%1" %*
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: explorer.exe "C:\explorer.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%SysDir%\userinit.exe, C:\explorer.exe"
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: MR_COO~1.SCR

Taken together, these entries hand control to the worm's copy at C:\explorer.exe (not the real %SystemRoot%\explorer.exe) at every logon through both Winlogon\Shell and Winlogon\Userinit, whenever a .vbs, .bat, .com or .pif file is opened (the hijacked shell\open\command handlers still receive the original file as "%1"), and when the screensaver starts (MR_COO~1.SCR is consistent with the 8.3 short name of Mr_CoolFace.scr). C:\WINDOWS\services.exe is likewise a copy named after a system process that normally lives only in %SystemRoot%\System32.
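The dump format used in this listing (a registry key path followed by the value bytes in hex) can be decoded and checked mechanically. The script below is an added example for this page, not UnHackMe's code. It decodes each line into the NUL-terminated registry data plus any readable strings left in the capture buffer after the terminator, then applies a few checks for the persistence pattern seen here: a file-association handler that differs from its default, extra programs in Winlogon Shell or Userinit, a screensaver or Run entry given as a bare file name, and a system-binary name (explorer.exe, services.exe) sitting outside its normal directory. The sample lines are copied from this page's dump plus one constructed clean batfile handler; the defaults it compares against are Windows XP defaults, and the C:\WINDOWS system root is an assumption.

```python
"""Decode hex-dumped autostart registry values (key path, then value bytes
as hex) and flag entries matching the Ridnu persistence pattern.
Added example for this page, not UnHackMe code; the "expected" values are
Windows XP defaults and are an assumption of this script."""
import ntpath
import re

SYSROOT = r"C:\WINDOWS"          # assumed XP system root
SYSDIR = SYSROOT + r"\system32"

# Constructed sample: the first five lines are copied from this page's dump
# (the Userinit line is quoted text on the page, not hex); the last line is
# a constructed clean batfile handler so that one entry passes.
SAMPLE_DUMP = r"""
HKLM\Software\Classes\VBSFile\Shell\Open\Command\: 22 43 3A 5C 65 78 70 6C 6F 72 65 72 2E 65 78 65 22 20 22 25 31 22 20 25 2A 00 00 00
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSecurityService: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 65 72 76 69 63 65 73 2E 65 78 65 00 32 2E 53 4D 41 4E 53 41 2E 50 4B 50 2E 65 78 65 00 00
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: 65 78 70 6C 6F 72 65 72 2E 65 78 65 20 22 43 3A 5C 65 78 70 6C 6F 72 65 72 2E 65 78 65 22 00
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%SysDir%\userinit.exe, C:\explorer.exe"
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: 4D 52 5F 43 4F 4F 7E 31 2E 53 43 52 00 00
HKLM\Software\Classes\batfile\shell\open\command\: 22 25 31 22 20 25 2A 00
"""

# Default data for keys the worm rewrites (XP defaults, assumed).
# Keys are lower-cased with the trailing backslash removed.
EXPECTED = {
    "hklm\\software\\microsoft\\windows nt\\currentversion\\winlogon\\shell": "explorer.exe",
    "hklm\\software\\classes\\vbsfile\\shell\\open\\command": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*',
    "hklm\\software\\classes\\batfile\\shell\\open\\command": '"%1" %*',
    "hklm\\software\\classes\\comfile\\shell\\open\\command": '"%1" %*',
    "hklm\\software\\classes\\piffile\\shell\\open\\command": '"%1" %*',
}
# System binaries whose name implies a fixed directory (XP layout, assumed).
HOMES = {"explorer.exe": SYSROOT, "userinit.exe": SYSDIR, "services.exe": SYSDIR,
         "svchost.exe": SYSDIR, "lsass.exe": SYSDIR, "winlogon.exe": SYSDIR}

HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}\s*)+$")


def parse_line(line):
    """Split one 'key: data' dump line. For hex data the registry value is the
    first NUL-terminated string; printable strings after it are capture
    overrun and are returned separately. Quoted plain data is returned as-is."""
    key, sep, data = line.partition(": ")
    if not sep:
        raise ValueError(f"no 'key: data' separator in {line!r}")
    data = data.strip()
    if not HEX_RE.match(data):
        return key, data.strip('"\u201c\u201d'), []
    chunks = bytes.fromhex(data.replace(" ", "")).split(b"\x00")
    overrun = [c.decode("latin-1") for c in chunks[1:]
               if len(c) >= 3 and all(32 <= b < 127 for b in c)]
    return key, chunks[0].decode("latin-1"), overrun


def tokens(cmd):
    """Split a Windows command line on spaces, honouring double quotes
    (an unquoted path that contains spaces is not reconstructed)."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def expand(path):
    return path.replace("%SystemRoot%", SYSROOT).replace("%SysDir%", SYSDIR)


def check(key, value):
    """Return the reasons a decoded value looks hijacked (empty if clean)."""
    k, reasons = key.lower().rstrip("\\"), []
    if k in EXPECTED and value.lower() != EXPECTED[k].lower():
        reasons.append(f"differs from default {EXPECTED[k]!r}")
    if k.endswith("\\winlogon\\userinit"):
        paths = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in paths if ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            reasons.append(f"extra Userinit program(s): {extra}")
    elif k.endswith("\\winlogon\\shell"):
        paths = tokens(value)           # the shell plus anything it is told to launch
    elif k.endswith("\\scrnsave.exe"):
        paths = [value]
        if "\\" not in value:
            reasons.append("screensaver is a bare file name, resolved via the search path")
    else:
        paths = tokens(value)[:1]       # the executable, not its arguments
        if "\\currentversion\\run\\" in k and paths and "\\" not in paths[0]:
            reasons.append("Run entry is a bare file name, resolved via the search path")
    for p in map(expand, paths):
        name = ntpath.basename(p).lower()
        home = HOMES.get(name)
        if home and "\\" in p and ntpath.dirname(p).lower() != home.lower():
            reasons.append(f"{name} outside its normal directory {home}")
    return reasons


def audit(dump_text):
    """Decode every non-empty line; returns (key, value, reasons, overrun)."""
    out = []
    for line in dump_text.splitlines():
        if line.strip():
            key, value, overrun = parse_line(line)
            out.append((key, value, check(key, value), overrun))
    return out


def flagged(dump_text):
    """Key paths whose decoded value tripped at least one rule."""
    return [key for key, _, reasons, _ in audit(dump_text) if reasons]


if __name__ == "__main__":
    for key, value, reasons, overrun in audit(SAMPLE_DUMP):
        print(f"[{'SUSPICIOUS' if reasons else 'ok'}] {key} = {value!r}")
        for r in reasons:
            print("    -", r)
        if overrun:
            print("    overrun strings:", overrun)
```

Run as a script it prints a verdict per key; on the sample, every entry except the constructed clean batfile handler is flagged. The single most useful pivot for an incident is the same one the rules converge on: an explorer.exe referenced from anywhere other than %SystemRoot%.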

Detected by UnHackMe:

TCVHJ.EXE
Default location: %PROFILE%\LOCAL SETTINGS\TCVHJ.EXE

Dropper hash (MD5): d716812f9b89441f3e6dc1024352f4a7

Written by Malware Hunter.
