Removed: C:\Documents and Settings\All Users\Application Data\BrEaK\Break.exe (trojan Bancos)
Malware: mobile5.exe
Removed: C:\Documents and Settings\All Users\Application Data\BrEaK\Break.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Break.exe Espanha
Author: Home Basic
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BREAK\BREAK.EXE
Type: Registry Run
Item Name: Break.exe
Author: Home Basic
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BREAK\BREAK.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Break.exe Espanha
Value: “C:\Documents and Settings\All Users\Application Data\BrEaK\Break.exe”
Folders: C:\Documents and Settings\All Users\Application Data\BrEaK\
Files: C:\Documents and Settings\All Users\Application Data\BrEaK\Break.exe
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.09.01 | - |
| Kaspersky | 7.0.0.125 | 2010.09.01 | Trojan-Downloader.Win32.Agent.ekyk |
| Microsoft | 1.6103 | 2010.09.01 | TrojanSpy:Win32/Bancos.VY |
| NOD32 | 5416 | 2010.09.01 | - |
—————————————————————————————————————————-
Additional information
MD5 : 00166b8e72e0d962b0cbe64280575954
SHA1 : c4078ab221c7511ec2c570cce912443455ac24ea
SHA256: 64b4a999940a62e1887e78394d121f84129213936bb2806214f19ef302cea030
—————————————————————————————————————————-
Comments
Joseph
Your product is the only one on the market that has found and removed rootkits from my system, three rootkits to be precise. I have used other products but they don't measure up to UnHackMe.
Bob
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!
Removed: C:\drixxxxxxx.exe\drixxxxxxx.exe (trojan SpyEyes)
Malware: C:\sand-box\W-2form.exe
Removed: C:\drixxxxxxx.exe\drixxxxxxx.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: drixxxxxxx.exe
Author: elite
Related File: C:\DRIXXXXXXX.EXE\DRIXXXXXXX.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drixxxxxxx.exe
Value: “C:\drixxxxxxx.exe\drixxxxxxx.exe”
Folders:
C:\drixxxxxxx.exe\
Files:
C:\drixxxxxxx.exe\config.bin
C:\drixxxxxxx.exe\drixxxxxxx.exe
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.30 | Trojan.Generic.KD.28784 |
| Kaspersky | 7.0.0.125 | 2010.08.30 | Trojan-Spy.Win32.SpyEyes.wg |
| Microsoft | 1.6103 | 2010.08.30 | Trojan:Win32/Meredrop |
| NOD32 | 5409 | 2010.08.30 | Win32/Spy.SpyEye.BX |
—————————————————————————————————————————-
Additional information
MD5 : 7b6786a3631ffc6f340b727cb32af31f
SHA1 : 1954acdd79768e580eb4a14f4b7550d273e43167
SHA256: 0cff84a7cbb40921d7259bf20f1074f041fda899e16b8b6c4c7d2ca1bee9063b
—————————————————————————————————————————-
Removed: C:\WINDOWS\system32\msapps\comsrvr.exe (trojan Heur)
Malware: bro.jpg
Removed: C:\WINDOWS\system32\msapps\comsrvr.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: COMServer
Author: dncmc
Related File: “C:\WINDOWS\system32\msapps\comsrvr.exe” s
Type: Auto Services
Item Name: comsrvr.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\MSAPPS\COMSRVR.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\COMServer\ImagePath
Value: “"C:\WINDOWS\system32\msapps\comsrvr.exe" s”
Folders: C:\WINDOWS\system32\msapps\
Files: C:\WINDOWS\system32\msapps\comsrvr.exe
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.09.02 | Gen:Trojan.Heur.RP.cuW@aCMG7dei |
| Kaspersky | 7.0.0.125 | 2010.09.02 | Trojan-Dropper.Win32.Agent.cwsh |
| Microsoft | 1.6103 | 2010.09.02 | - |
| NOD32 | 5419 | 2010.09.02 | - |
—————————————————————————————————————————-
Additional information
MD5 : 40851dc7e311d481efbe84dc6db3c6e4
SHA1 : 0942619127173ba5ebc960afe94e7d5f6e3ddcd8
SHA256: 40dfd9a454a90efb56542ce4d45c2d036c1c9d7be67810d5bcb446fdedf2d7d3
—————————————————————————————————————————-
Removed: asectool.exe, scan.dll (FakeAV – Advanced Security Tool 2010)
Malware: a32.exe
Removed: C:\Documents and Settings\Administrator\Application Data\asectool.exe
C:\Documents and Settings\Administrator\Application Data\scan.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {80c10400-59cb-4c79-97ce-cc693103afca}
Author: Microsoft Corporation
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SCAN.DLL
Type: Browser Helper Objects
Item Name: shell
Author: Unknown
Related File: “C:\Documents and Settings\Administrator\Application Data\asectool.exe” /sn
Type: User Shell
Item Name: AdvSecTool
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ASECTOOL.EXE
Type: Registry Run
Item Name: asectool.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ASECTOOL.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Classes\CLSID\{80c10400-59cb-4c79-97ce-cc693103afca}\InprocServer32\
Value: “C:\Documents and Settings\Administrator\Application Data\scan.dll”
Registry: HKLM\Software\Classes\TypeLib\{58B4E0F5-F122-4C02-B038-C482D998486A}\1.0\0\win32\
Value: “C:\Documents and Settings\Administrator\Application Data\scan.dll”
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AdvSecTool
Value: “"C:\Documents and Settings\Administrator\Application Data\asectool.exe"”
Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “"C:\Documents and Settings\Administrator\Application Data\asectool.exe" /sn”
Files:
C:\Documents and Settings\Administrator\Application Data\1tmp.bat
C:\Documents and Settings\Administrator\Application Data\asectool.exe
C:\Documents and Settings\Administrator\Application Data\scan.dll
C:\Documents and Settings\Administrator\Application Data\secmof.tmp
C:\Documents and Settings\Administrator\Desktop\Advanced Security Tool 2010.LNK
C:\Documents and Settings\Administrator\Start Menu\Advanced Security Tool 2010.LNK
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.29 | Trojan.Generic.KD.29071 |
| Kaspersky | 7.0.0.125 | 2010.08.29 | Trojan.Win32.FakeAV.dum |
| NOD32 | 5407 | 2010.08.29 | a variant of Win32/Kryptik.GJY |
—————————————————————————————————————————-
Additional information
MD5 : f1af0c9e3c6be3bc77d1e9de3bcd5914
SHA1 : ef66384faa535809c515117855440f129bfd1882
SHA256: 76e7d2139b02cd30da3757437ebca74fdebdf8883b93f892f642a7e8b2192f3b
—————————————————————————————————————————-
Removed: C:\WINDOWS\mstwain32.exe (trojan Turkojan)
Malware: svchosts.exe
Removed: C:\WINDOWS\mstwain32.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: mstwain32.exe
Author: Unknown
Related File: C:\WINDOWS\MSTWAIN32.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: mstwain32
Author:
Related File: C:\WINDOWS\mstwain32.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mstwain32
Value: “C:\WINDOWS\mstwain32.exe”
Files:
C:\WINDOWS\cmsetac.dll
C:\WINDOWS\mstwain32.exe
C:\WINDOWS\ntdtcstp.dll
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.26 | Gen:Trojan.Heur.riWarz1WuZgaD |
| Kaspersky | 7.0.0.125 | 2010.08.26 | Backdoor.Win32.Turkojan.il |
| Microsoft | 1.6103 | 2010.08.26 | Backdoor:Win32/Turkojan.A |
| NOD32 | 5399 | 2010.08.26 | a variant of Win32/Turkojan |
—————————————————————————————————————————-
Additional information
MD5 : 41d09b1c99b5ad0b5cabd80f4c29c06e
SHA1 : 63b37fea5cb0cdcedc769629ca2b6e8d41791e81
SHA256: fdf7099fed9a9a894ee3ab7348d7f9cea885bacb9e3860a5d710b7303896e484
—————————————————————————————————————————-
Removed: dev.sys, dev.dll (trojan Tinxy)
Malware: p.exe
Removed: C:\WINDOWS\system32\drivers\dev.sys
C:\WINDOWS\system32\dev.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ddev
Author: dev
Related File: C:\WINDOWS\SYSTEM32\DEV.DLL
Type: Svchost DLLs
Item Name: dev.sys
Author: dev
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DEV.SYS
Type: Drivers
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\ddev\parameters\servicedll
Value: “C:\WINDOWS\system32\dev.dll”
Registry: HKLM\System\CurrentControlSet\Services\dev\ImagePath
Value: “\??\C:\WINDOWS\system32\drivers\dev.sys”
Files:
C:\Documents and Settings\Administrator\Local Settings\Temp\dev.bat
C:\WINDOWS\system32\drivers\dev.sys
C:\WINDOWS\system32\dev.dll
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.31 | Trojan.Generic.KDV.29139 |
| Kaspersky | 7.0.0.125 | 2010.08.31 | Trojan-Dropper.Win32.Agent.cvvq |
| Microsoft | 1.6103 | 2010.08.31 | Trojan:Win32/Malagent |
| NOD32 | 5412 | 2010.08.31 | Win32/Tinxy.CE |
—————————————————————————————————————————-
Additional information
MD5 : 7cbf5a6d967accffa30020ee6f3eeeb2
SHA1 : 113f2284f7162b924561cbee0a7bf7ad83cddd42
SHA256: c8bce2ed2bfb62b2ed259650436169ad1325b4503ce4bcb545a00507867d42af
—————————————————————————————————————————-
Removed: C:\Program Files\PinSearch\PinSearch.exe, C:\Program Files\PinSearch\PSHelper.dll (Adware.BonusCash)
Malware: PinSearch_PI05.exe
Removed: C:\Program Files\PinSearch\PinSearch.exe
C:\Program Files\PinSearch\PSHelper.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {F408214B-1AC6-4800-A9A4-CA713140F110}
Author:
Related File: C:\PROGRAM FILES\PINSEARCH\PSHELPER.DLL
Type: Browser Helper Objects
Item Name: PinSearch
Author:
Related File: C:\PROGRAM FILES\PINSEARCH\PINSEARCH.EXE
Type: Registry Run
Item Name: PinSearch.exe
Author:
Related File: C:\PROGRAM FILES\PINSEARCH\PINSEARCH.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PinSearch
Value: “C:\Program Files\PinSearch\PinSearch.exe”
Folders:
C:\Program Files\PinSearch\
Files:
C:\Program Files\PinSearch\PinSearch.dll
C:\Program Files\PinSearch\PinSearch.exe
C:\Program Files\PinSearch\PSHelper.dll
C:\Program Files\PinSearch\uninstall.exe
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.28 | Trojan.Generic.4664313 |
| Kaspersky | 7.0.0.125 | 2010.08.28 | - |
| Microsoft | 1.6103 | 2010.08.27 | - |
| NOD32 | 5403 | 2010.08.27 | a variant of Win32/Adware.BonusCash.AB |
—————————————————————————————————————————-
Additional information
MD5 : 1d322e705311cf5b1f12d9fc98668a21
SHA1 : 258b5b64336214473292375850b36d58b8b55923
SHA256: 579e6e7cb54b37368701bf5aa2474692f213081d38bb8dba2f65b23bfad15ec6
—————————————————————————————————————————-
Removed: antispy.exe (FakeAV – Pest Detector aka Red Cross Antivirus, AntiSpy Safeguard, Peak Protection 2010, Major Defense Kit)
Malware: setup_pst.exe
Removed: C:\Documents and Settings\Administrator\Application Data\antispy.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: C:\Documents and Settings\Administrator\Application Data\antispy.exe
Type: User Shell
Item Name: antispy.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ANTISPY.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\tmp
Value: “”
Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “C:\Documents and Settings\Administrator\Application Data\antispy.exe”
Folders:
C:\Documents and Settings\Administrator\Application Data\VAP\
Files:
C:\Documents and Settings\Administrator\Application Data\antispy.exe
C:\Documents and Settings\Administrator\Application Data\VAP\filrewall.log
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.27 | - |
| Kaspersky | 7.0.0.125 | 2010.08.27 | Trojan.Win32.FakeAV.dti |
| Microsoft | 1.6103 | 2010.08.27 | Rogue:Win32/FakePAV |
| NOD32 | 5402 | 2010.08.27 | - |
—————————————————————————————————————————-
Additional information
MD5 : 17f77314cbe836fdf57c34b1b577d796
SHA1 : 929f9252649851409bd4f54c0689dc27b5adf319
SHA256: 234a36bc86d1a1bd0bf17d721b4f42d3f904489abc5784732163bede1fb14c26
—————————————————————————————————————————-
Removed: clspackagemd.exe, clspackagemdx.dll (trojan Induc)
Malware: clspackagemd.exe
Removed: C:\WINDOWS\system32\clspackagemd.exe
C:\WINDOWS\system32\clspackagemdx.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {3FFF5C78-522B-4BF9-B207-9970ADDDDAD6}
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\CLSPACKAGEMDX.DLL
Type: Browser Helper Objects
Item Name: clspackagemd
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\CLSPACKAGEMD.EXE
Type: Registry Run
Item Name: clspackagemd.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\CLSPACKAGEMD.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Classes\CLSID\{3FFF5C78-522B-4BF9-B207-9970ADDDDAD6}\InprocServer32\
Value: “C:\WINDOWS\system32\clspackagemdx.dll”
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\clspackagemd
Value: “C:\WINDOWS\system32\clspackagemd.exe /t 120”
Files:
C:\WINDOWS\system32\clspackagemd.exe
C:\WINDOWS\system32\clspackagemdx.dll
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.08.29 | Win32.Induc.A |
| Kaspersky | 7.0.0.125 | 2010.08.29 | Virus.Win32.Induc.a |
| Microsoft | 1.6103 | 2010.08.29 | Virus:Win32/Induc.A |
| NOD32 | 5405 | 2010.08.28 | a variant of Win32/Induc.A |
—————————————————————————————————————————-
Additional information
MD5 : 0a9524b616d74c7efd52e70434057e3e
SHA1 : 0d44ad2e039fbd1200e5ecab36a7c073ff556d6e
SHA256: ff740ab5bec0b17294def9dab503ff97fb2b6e10314863e8422ea065bf3f2b62
—————————————————————————————————————————-
Removed: C:\Program Files\favoclick\favoclick.dll, C:\Program Files\favoclick\favoclickup.exe (trojan BHO)
Malware: C:\sand-box\favoclick_p.exe
Removed: C:\Program Files\favoclick\favoclick.dll
C:\Program Files\favoclick\favoclickup.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {6A0C33CA-4C02-4BF6-A96E-37336BD1CE44}
Author: Unknown
Related File: C:\PROGRAM FILES\FAVOCLICK\FAVOCLICK.DLL
Type: Browser Helper Objects
Item Name: favoclick
Author: Unknown
Related File: C:\PROGRAM FILES\FAVOCLICK\FAVOCLICKUP.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry:
Value:
Folders:
C:\Program Files\favoclick
Files:
C:\Program Files\favoclick\domainrefer.ini
C:\Program Files\favoclick\favoclick.dll
C:\Program Files\favoclick\favoclickup.exe
C:\Program Files\favoclick\keycode.ini
C:\Program Files\favoclick\uninstall.exe
—————————————————————————————————————————-
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.09.01 | Dropped:Trojan.Generic.4679233 |
| Kaspersky | 7.0.0.125 | 2010.09.01 | not-a-virus:AdWare.Win32.Agent.sgt |
| Microsoft | 1.6103 | 2010.08.31 | - |
| NOD32 | 5413 | 2010.08.31 | Win32/Adware.BHO.NIF |
—————————————————————————————————————————-
Additional information
MD5 : f124d4e1cfde8274f432274443109834
SHA1 : 26dca78663d00d3a50b88d5d60d472e6475151e1
SHA256: 5760c8fa864ebc99290575e2b06ab7c6ef7d708612296241e8d692f735cae8d9
—————————————————————————————————————————-