mhxu9m1.exe - Dangerous

Manual removal instructions:

Antivirus Report of mhxu9m1.exe: Malware, Dangerous, High Risk
We suggest you remove mhxu9m1.exe from your computer as soon as possible.
mhxu9m1.exe is a Trojan/Backdoor.
Kill the mhxu9m1.exe process and remove mhxu9m1.exe from Windows startup.

File: mhxu9m1.exe
-------------------------------------------------------------------------------------

Classification:
Antivirus    Version       Last Update  Result
Avast        4.8.1335.0    2009.08.08   Win32:Agent-ACMH
AVG          8.5.0.406     2009.08.09   Packed.Rolex
BitDefender  7.2           2009.08.09   Generic.Onlinegames.14.4FB23764
Comodo       1920          2009.08.09   TrojWare.Win32.Magania.~awds
DrWeb        5.0.0.12182   2009.08.09   Trojan.PWS.Wsgame.12326
F-Secure     8.0.14470.0   2009.08.09   Trojan-GameThief.Win32.Magania.biht
Kaspersky    7.0.0.125     2009.08.09   Trojan-GameThief.Win32.Magania.biht
Microsoft    1.4903        2009.08.09   PWS:Win32/OnLineGames.AQ
NOD32        4319          2009.08.09   Win32/PSW.OnLineGames.NRD
Symantec     1.4.4.12      2009.08.09   Infostealer.Gampass

Additional information
File size: 28276 bytes
MD5: a55a74f0ed8d24d3224ce6d17b95cc29
SHA1: c0f52e4e81a9d24ffeba9ae97db1bf2ef35e7bb5

-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added: 2
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{69B265A2-A172-4D27-BDF1-917E6D8B1DCC}
HKLM\SOFTWARE\Classes\CLSID\{69B265A2-A172-4D27-BDF1-917E6D8B1DCC}\InprocServer32

----------------------------------
Values added: 4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{69B265A2-A172-4D27-BDF1-917E6D8B1DCC}\InprocServer32\: "C:\WINDOWS\fonts\jUxfqJDwmfQEHcy2.fon"
HKLM\SOFTWARE\Classes\CLSID\{69B265A2-A172-4D27-BDF1-917E6D8B1DCC}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{69B265A2-A172-4D27-BDF1-917E6D8B1DCC}: ""
HKCU\Software\Microsoft\CTF\MSUTB\ShowDeskBand: 0x00000001

----------------------------------
Values modified: 24
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}: FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1C 87 81 4A 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ED 8D 81 4A C0 A8 AE 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 ED 8D 81 4A 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ED 8D 81 4A FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ED 8D 81 4A 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ED 8D 81 4A C0 A8 AE FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ED 8D 81 4A 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}: 06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5C 61 82 4A C0 A8 AE 01 0F 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 5C 61 82 4A 6C 6F 63 61 6C 64 6F 6D 61 69 6E 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5C 61 82 4A FF FF FF 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5C 61 82 4A 00 00 07 08 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 5C 61 82 4A C0 A8 AE FE 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 5C 61 82 4A 05 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseObtainedTime: 0x4A8186E5
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseObtainedTime: 0x4A825A54
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T1: 0x4A818A69
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T1: 0x4A825DD8
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T2: 0x4A818D0C
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\T2: 0x4A82607B
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseTerminatesTime: 0x4A818DED
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\LeaseTerminatesTime: 0x4A82615C
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseObtainedTime: 0x4A8186E5
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseObtainedTime: 0x4A825A54
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T1: 0x4A818A69
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T1: 0x4A825DD8
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T2: 0x4A818D0C
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\T2: 0x4A82607B
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseTerminatesTime: 0x4A818DED
HKLM\SYSTEM\CurrentControlSet\Services\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}\Parameters\Tcpip\LeaseTerminatesTime: 0x4A82615C
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000004
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000005
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinStartTime: E2 9A 62 AB 93 1A CA 01
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinStartTime: D6 D5 9D 21 12 1B CA 01
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinFinishTime: E2 9A 62 AB 93 1A CA 01
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache\AdminPinFinishTime: 30 38 A0 21 12 1B CA 01

----------------------------------
Files added: 2
----------------------------------
C:\WINDOWS\Fonts\CcKKcpwJmND4.Ttf
C:\WINDOWS\Fonts\jUxfqJDwmfQEHcy2.fon

----------------------------------
Files deleted: 2
----------------------------------
C:\sand-box\mhxu9m1.exe
C:\WINDOWS\system32\verclsid.exe

----------------------------------
Files [attributes?] modified: 0
----------------------------------

----------------------------------
Folders added: 0
----------------------------------

----------------------------------
Folders deleted: 0
----------------------------------

----------------------------------
Total changes: 34
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {69B265A2-A172-4D27-BDF1-917E6D8B1DCC}
Author: Unknown
Related File: C:\WINDOWS\fonts\jUxfqJDwmfQEHcy2.fon
Type: Shell Execute Hooks

Removal Results: Success
Number of reboots: 1
-------------------------------------------------------------------------------------
jUxfqJDwmfQEHcy2.fon

Antivirus    Version       Last Update  Result
Avast        4.8.1335.0    2009.07.17   Win32:Agent-ACMH
AVG          8.5.0.387     2009.07.18   PSW.Generic7.RGY
BitDefender  7.2           2009.07.18   Generic.Onlinegames.14.F6F584CD
Comodo       1670          2009.07.18   TrojWare.Win32.Magania.~awds
DrWeb        5.0.0.12182   2009.07.18   Trojan.PWS.Wsgame.12116
F-Secure     8.0.14470.0   2009.07.17   Trojan-GameThief.Win32.Magania.bnpe
Kaspersky    7.0.0.125     2009.07.18   Trojan-GameThief.Win32.Magania.bnpe
Microsoft    1.4803        2009.07.18   PWS:Win32/OnLineGames.AQ
NOD32        4256          2009.07.18   probably a variant of Win32/PSW.OnLineGames.NRD
Symantec     1.4.4.12      2009.07.18   Infostealer.Gampass

Additional information
File size: 21596 bytes
MD5: 67b6b7bf7697201dc4dc3371e73b509b
SHA1: 16f728a236f4ad7492cc7ba45fd461a8936d04bf
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove mhxu9m1.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company, and you can ask me directly if you have any questions.
