DF9D.EXE is Adware WSearch

I use UnHackMe for cleaning adware and viruses from my friend's computers, because it is extremely fast and effective.

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


We received the file DF9D.EXE and detected that DF9D.EXE is not good.
DF9D.EXE is Adware. You should remove the file DF9D.EXE.
Kill the process DF9D.EXE and remove DF9D.EXE from Windows.

Malware Analysis of DF9D.EXE
Full path on a computer: %WinDir%\df9d.exe

Detected by UnHackMe:

DF9D.EXE
Default location: %WinDir%\df9d.exe


Your Vote?
0 0

Removal Results: Success
Number of reboot: 1

DF9D.EXE is known as:

Adware.WSearch

DF9D.EXE hash:

  • MD5: 11b91dec9c36ccfce217c1865a30569b
The file tries to download information from some web sites.
How to quickly detect DF9D.EXE presence?

Registry:
  • HKLM\Software\Classes\CLSID\{FCAA0766-15FC-4aec-A010-F4605D272581}\InprocServer32\: “%SysDir%\727o.dll”
  • HKLM\Software\Classes\TypeLib\{8A4F328C-C9F4-4449-A0DF-A756A6B52ABF}\1.0\0\win32\: “%SysDir%\727o.dll”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\plc: “c:\windows\system32\rundll32.exe %SysDir%/2bee.dll,Always”
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\OSTD\EventMessageFile: “%SysDir%\2bed.exe”
  • HKLM\System\CurrentControlSet\Services\OSTD\ImagePath: “%SysDir%\2bed.exe”
Files:
  • %Common Startmenu%\Programs\Startup\ktv.lnk
  • %Common Startmenu%\Programs\Startup\star.lnk
  • %SysDir%\2bed.exe
  • %SysDir%\2bee.dll
  • %SysDir%\727o.dll
  • %WinDir%\Tasks\ms.job
  • %WinDir%\df9d.exe
  • %WinDir%\df9d.flv
  • %WinDir%\df9u.bmp


I use UnHackMe for cleaning adware and viruses from my friend's computers, because it is extremely fast and effective.

Download it here




1. Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!