SKYPE1.EXE is Worm Luder.bgvf
The file SKYPE1.EXE is a computer worm.
The worm SKYPE1.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the SKYPE1.EXE problem as soon as possible!
Delete the file SKYPE1.EXE from all infected computers in your network.
Set up your network firewall against SKYPE1.EXE intervention.
Malware Analysis of SKYPE1.EXE
Full path on a computer: %SysDir%\skype1\skype1.exe
Detected by UnHackMe:
SKYPE1.EXE
Default location: %SysDir%\skype1\skype1.exe
Removal Results: Success
Number of reboot: 1
SKYPE1.EXE is known as:
Worm.Luder.bgvf, Packed.MoleBox, BackDoor.Bifrost.20804, Mal.VB-CMXA, VirTool.VBInject.OT, Trojan.VBKrypt, a variant of Win32.Packed.Molebox.C, Worm.Rebhip, BackDoor.Bifrose.OJQ
SKYPE1.EXE hash:
- MD5: 24508fcc02f91a2da1d70b779d35cdd5
- HKLM\Software\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath: “%SysDir%\skype1\skype1.exe s”
- %SysDir%\skype1
- %Temp%\~DF60E6.tmp
- %Temp%\~DFB9C9.tmp
- %Program Files%\1.exe
- %SysDir%\1.exe
- %SysDir%\skype1\logg.dat
- %SysDir%\skype1\skype1.exe
- %WinDir%\Temp\1.exe
- %WinDir%\1.exe
- %WinDir%\2.exe
- C:\1.exe
- C:\autorun.inf
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
BTDEFENDER.EXE is FakeAV Internet Security Plus
The file BTDEFENDER.EXE is a part of Fake Antiviral software.
You must delete the file BTDEFENDER.EXE immediately!
Delete the file BTDEFENDER.EXE without delay!
Kill the process BTDEFENDER.EXE and remove BTDEFENDER.EXE from the Windows startup.
Malware Analysis of BTDEFENDER.EXE
Full path on a computer: %Common Appdata%\btdefender.exe
Detected by UnHackMe:
BTDEFENDER.EXE
Default location: %Common Appdata%\btdefender.exe
Removal Results: Success
Number of reboot: 1
BTDEFENDER.EXE is known as:
FakeAV.Internet Security Plus
BTDEFENDER.EXE hash:
- MD5: 1d22518d0ec445868abb2c68f38f03fd
- %Temp%\1.tmp
- %Common Appdata%\btdefender.exe
- %Common Desktopdirectory%\Internet Security Plus.lnk
SKYPE.DAT is Trojan FakeAlert.ED
Is the file SKYPE.DAT located on your computer? Then your computer is infected.
We suggest you remove SKYPE.DAT from your computer as soon as possible.
SKYPE.DAT is Trojan/Backdoor.
Kill the process SKYPE.DAT and remove SKYPE.DAT from the Windows startup.
Malware Analysis of SKYPE.DAT
Full path on a computer: %Appdata%\skype.dat
Detected by UnHackMe:
SKYPE.DAT
Default location: %Appdata%\skype.dat
Removal Results: Success
Number of reboot: 1
SKYPE.DAT is known as:
Trojan.FakeAlert.ED, W32.Kryptik.BCLL.tr
SKYPE.DAT hash:
- MD5: 85c15061de45687b57697fc739ce1da9
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: “explorer.exe,%Appdata%\skype.dat”
- %Appdata%\skype.dat
STDSCHEM.GDL is Trojan Killfiles
Is the file STDSCHEM.GDL located on your computer? Then your computer is infected.
We suggest you remove STDSCHEM.GDL from your computer as soon as possible.
STDSCHEM.GDL is Trojan/Backdoor.
Kill the process STDSCHEM.GDL and remove STDSCHEM.GDL from the Windows startup.
Malware Analysis of STDSCHEM.GDL
Full path on a computer: \STDSCHEM.GDL
Detected by UnHackMe:
STDSCHEM.GDL
Default location: \STDSCHEM.GDL
Removal Results: Success
Number of reboot: 1
STDSCHEM.GDL is known as:
Trojan.Killfiles
- \SETUPERR.LOG
- \SETUPLOG.TXT
- \SETUPACT.LOG
- \SETUPAPI.LOG
- \STDSCHEM.GDL
SCRBN.EXE is Trojan Downloader
Is the file SCRBN.EXE located on your computer? Then your computer is infected.
We suggest you remove SCRBN.EXE from your computer as soon as possible.
SCRBN.EXE is Trojan/Backdoor.
Kill the process SCRBN.EXE and remove SCRBN.EXE from the Windows startup.
Malware Analysis of SCRBN.EXE
Full path on a computer: %APPDATA%\SCRBN.EXE
Detected by UnHackMe:
SCRBN.EXE
Default location: %APPDATA%\SCRBN.EXE
Removal Results: Success
Number of reboot: 1
SCRBN.EXE is known as:
Trojan Downloader
- %TEMP%\NSJ2.TMP\INSTALLOPTIONS.DLL
- %APPDATA%\SCRBN.EXE
- %SYSTEMDRIVE%\MYPICTURE.SCR
- %TEMP%\PASSWORD-HACK-RECOVERY-FOR-MSN-SETUP.EXE
QVOD.EXE is Trojan Agent
The file QVOD.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete QVOD.EXE we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of QVOD.EXE
Full path on a computer: %TEMP%\TEMP\QVOD.EXE
Detected by UnHackMe:
QVOD.EXE
Default location: %TEMP%\TEMP\QVOD.EXE
Removal Results: Success
Number of reboot: 1
QVOD.EXE is known as:
Trojan Agent
QVOD.EXE hash:
- MD5: 8DA481ACB7CE2508F68071DA569CE84A
- %TEMP%\QD.INI
- %TEMP%\STINST.LOG
- %TEMP%\TEMP\QVOD.EXE
- %WINDIR%\KB2536276666.LOG
LOADER.EXE is Trojan Downloader
We checked some samples of LOADER.EXE and detected the file LOADER.EXE as a threat.
Remove the LOADER.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of LOADER.EXE
Full path on a computer: %TEMP%\9\LOADER.EXE
Detected by UnHackMe:
LOADER.EXE
Default location: %TEMP%\9\LOADER.EXE
Removal Results: Success
Number of reboot: 1
LOADER.EXE is known as:
Trojan Downloader
- %TEMP%\9\CNSTC.INI
- %TEMP%\9\CNPROVH.DLL
- %TEMP%\9\CONFIG.EXE
- %TEMP%\9\CUSCFG.DAT
- %TEMP%\9\LOADER.EXE
INTELDRIVER.EXE is Trojan AVKill
We checked the file INTELDRIVER.EXE and found it hazardous.
The file INTELDRIVER.EXE must be deleted from the system immediately.
Kill the process INTELDRIVER.EXE and remove INTELDRIVER.EXE from the Windows startup.
Malware Analysis of INTELDRIVER.EXE
Full path on a computer: %APPDATA%\INTELDRIVER.EXE
Detected by UnHackMe:
INTELDRIVER.EXE
Default location: %APPDATA%\INTELDRIVER.EXE
Removal Results: Success
Number of reboot: 1
INTELDRIVER.EXE is known as:
Trojan AVKill
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\0RJ861[1]
- %APPDATA%\INTELDRIVER.EXE
HOSDICATVAPO.EXE is Trojan Downloader
Is the file HOSDICATVAPO.EXE located on your computer? Then your computer is infected.
We suggest you remove HOSDICATVAPO.EXE from your computer as soon as possible.
HOSDICATVAPO.EXE is Trojan/Backdoor.
Kill the process HOSDICATVAPO.EXE and remove HOSDICATVAPO.EXE from the Windows startup.
Malware Analysis of HOSDICATVAPO.EXE
Full path on a computer: %PROFILE%\HOSDICATVAPO.EXE
Detected by UnHackMe:
HOSDICATVAPO.EXE
Default location: %PROFILE%\HOSDICATVAPO.EXE
Removal Results: Success
Number of reboot: 1
HOSDICATVAPO.EXE is known as:
Trojan Downloader
- %WINDIR%\TEMP\OUTOFPROCREPORT1070651.TXT
- %SYSTEMDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE\NONCRITICAL_7.6.7600.256_D2CAF64B7DBCA2D781154D2562964C262846251_CAB_0E085698\REPORT.WER
- %SYSTEMDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE\NONCRITICAL_80072F78_805FF6E6DAF5FEDBB13DAF2B1D56B5CBD7EA195_CAB_0D284F48\CLIENT_MANIFEST.TXT
- %PROFILE%\HOSDICATVAPO.EXE
HAVIJ-EXTRA.EXE is Trojan Downloader
We checked the file HAVIJ-EXTRA.EXE and found it hazardous.
The file HAVIJ-EXTRA.EXE must be deleted from the system immediately.
Kill the process HAVIJ-EXTRA.EXE and remove HAVIJ-EXTRA.EXE from the Windows startup.
Malware Analysis of HAVIJ-EXTRA.EXE
Full path on a computer: %WINDIR%\HAVIJ-EXTRA.EXE
Detected by UnHackMe:
HAVIJ-EXTRA.EXE
Default location: %WINDIR%\HAVIJ-EXTRA.EXE
Removal Results: Success
Number of reboot: 1
HAVIJ-EXTRA.EXE is known as:
Trojan Downloader
- %APPDATA%\SYSTEMT.EXE
- %WINDIR%\HAVIJ-EXTRA.EXE
- %WINDIR%\HAVIJ.EXE
FARMVILLE 2 UNLIMITED COIN HACK.EXE is Trojan Pws
The file FARMVILLE 2 UNLIMITED COIN HACK.EXE is malware related.
You must delete the file FARMVILLE 2 UNLIMITED COIN HACK.EXE immediately!
Delete the file FARMVILLE 2 UNLIMITED COIN HACK.EXE without delay!
Kill the process FARMVILLE 2 UNLIMITED COIN HACK.EXE and remove FARMVILLE 2 UNLIMITED COIN HACK.EXE from the Windows startup.
Malware Analysis of FARMVILLE 2 UNLIMITED COIN HACK.EXE
Full path on a computer: %TEMP%\FARMVILLE 2 UNLIMITED COIN HACK.EXE
Detected by UnHackMe:
FARMVILLE 2 UNLIMITED COIN HACK.EXE
Default location: %TEMP%\FARMVILLE 2 UNLIMITED COIN HACK.EXE
Removal Results: Success
Number of reboot: 1
FARMVILLE 2 UNLIMITED COIN HACK.EXE is known as:
Trojan.Pws
- %TEMP%\LOG.TXT
- %TEMP%\MICROSOFTLOG.EXE
- %TEMP%\FARMVILLE 2 UNLIMITED COIN HACK.EXE
ESENTUTL.EXE is Trojan Downloader
Is the file ESENTUTL.EXE located on your computer? Then your computer is infected.
We suggest you remove ESENTUTL.EXE from your computer as soon as possible.
ESENTUTL.EXE is Trojan/Backdoor.
Kill the process ESENTUTL.EXE and remove ESENTUTL.EXE from the Windows startup.
Malware Analysis of ESENTUTL.EXE
Full path on a computer: %ALLUSERSPROFILE%\ESENTUTL.EXE
Detected by UnHackMe:
ESENTUTL.EXE
Default location: %ALLUSERSPROFILE%\ESENTUTL.EXE
Removal Results: Success
Number of reboot: 1
ESENTUTL.EXE is known as:
Trojan Downloader
- %LOCAL APPDATA%\LSM.EXE
- %LOCAL APPDATA%\RCX6.TMP
- %APPDATA%\MICROSOFT\CLIPSRV.EXE
- %APPDATA%\MICROSOFT\RCX5.TMP
- %ALLUSERSPROFILE%\ESENTUTL.EXE
BITCOIN-MINER[1].EXE is Trojan Killproc
We checked some samples of BITCOIN-MINER[1].EXE and detected the file BITCOIN-MINER[1].EXE as a threat.
Remove the BITCOIN-MINER[1].EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of BITCOIN-MINER[1].EXE
Full path on a computer: %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\BITCOIN-MINER[1].EXE
Detected by UnHackMe:
BITCOIN-MINER[1].EXE
Default location: %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\BITCOIN-MINER[1].EXE
Removal Results: Success
Number of reboot: 1
BITCOIN-MINER[1].EXE is known as:
Trojan.Killproc
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\BITCOIN-MINER[1].EXE
- %TEMP%\BITCOIN-MINER.EXE
- %APPDATA%\BTC.EXE
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\L[1].EXE
A_NU_KA_DEVOCHKI.VBS is Trojan Hosts
The file A_NU_KA_DEVOCHKI.VBS is malware related.
You must delete the file A_NU_KA_DEVOCHKI.VBS immediately!
Delete the file A_NU_KA_DEVOCHKI.VBS without delay!
Kill the process A_NU_KA_DEVOCHKI.VBS and remove A_NU_KA_DEVOCHKI.VBS from the Windows startup.
Malware Analysis of A_NU_KA_DEVOCHKI.VBS
Full path on a computer: %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\A_NU_KA_DEVOCHKI.VBS
Detected by UnHackMe:
A_NU_KA_DEVOCHKI.VBS
Default location: %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\A_NU_KA_DEVOCHKI.VBS
Removal Results: Success
Number of reboot: 1
A_NU_KA_DEVOCHKI.VBS is known as:
Trojan.Hosts
- %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\A_NU_KA_DEVOCHKI.VBS
- %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\SOLNISKO_MOE_VSTAVAI_LASKOVI_I_TAKOI_KRASIVI.LOL
- %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\VOT_ETO_MALSHIK.VBS
- %PROGRAMFILES%\TSELOVATSA V GUBI STALI\A POTOM\UNINSTALL.INI
SKYPEE.EXE is Trojan VBKrypt.nsxg
The file SKYPEE.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete SKYPEE.EXE we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of SKYPEE.EXE
Full path on a computer: %WinDir%\Skypee\skypee.exe
Detected by UnHackMe:
SKYPEE.EXE
Default location: %WinDir%\Skypee\skypee.exe
Removal Results: Success
Number of reboot: 1
SKYPEE.EXE is known as:
Trojan.VBKrypt.nsxg
SKYPEE.EXE hash:
- MD5: 311f08c83a2d8054be8b8553dcc4fb0b
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AdobeART: “%Appdata%\AdobeART.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\skypee: “%WinDir%\Skypee\skypee.exe”
- %WinDir%\Skypee
- %Appdata%\Microsoft\WinNT.tmp
- %Appdata%\AdobeART.exe
- %WinDir%\Skypee\skypee.exe
SIMPLECODEDLL.DLL is Backdoor SimpeCode
The program SIMPLECODEDLL.DLL is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with SIMPLECODEDLL.DLL.
Download for free: http://www.unhackme.com
Malware Analysis of SIMPLECODEDLL.DLL
Full path on a computer: %SysDir%\SimpleCodeDll.dll
Detected by UnHackMe:
SIMPLECODEDLL.DLL
Default location: %SysDir%\SimpleCodeDll.dll
Removal Results: Success
Number of reboot: 1
SIMPLECODEDLL.DLL is known as:
Backdoor.SimpeCode
SIMPLECODEDLL.DLL hash:
- MD5: 78f630868354fd0e8d6a75a2c117662b
- %Temp%\repeat.ico
- %Temp%\up.ico
- %SysDir%\SimpleCodeDll.dll
HAPPY88HYT.EXE is Trojan HTML.Redirector.WD
The file HAPPY88HYT.EXE can destroy your system, making the computer work abnormally.
HAPPY88HYT.EXE is a dangerous file.
Remove HAPPY88HYT.EXE from your computer immediately.
Kill the process HAPPY88HYT.EXE and remove HAPPY88HYT.EXE from the Windows startup.
Malware Analysis of HAPPY88HYT.EXE
Full path on a computer: %Temp%\Happy88hyt.exe
Detected by UnHackMe:
HAPPY88HYT.EXE
Default location: %Temp%\Happy88hyt.exe
Removal Results: Success
Number of reboot: 1
HAPPY88HYT.EXE is known as:
Trojan.HTML.Redirector.WD, HTML.Redirector, Agent.ALGSM, TrojWare.JS.Redirector.b, JS.Redirector.175, HTML.DSPark.B, Trojan:JS.Seedabutor.B, HTML:Framer-inf, JS.Agent.NJV, HTML.Agent, JS.Redirector.XA.tr
HAPPY88HYT.EXE hash:
- MD5: e00e01b10c74d0abde54fee64df67653
- %Temp%\Happy88hyt.exe
- %Temp%\pipi_dae_476.exe
- %Temp%\~1.tmp
TASKSHELL.EXE is Trojan Scar.faph
The file TASKSHELL.EXE is identified as a virus dropper.
The dropper TASKSHELL.EXE is used for downloading and installing other malware, Trojans and viruses on commands received from the Command Center.
The file TASKSHELL.EXE loads into the computer memory and tries to connect to a dangerous web site.
Usually the TASKSHELL.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the TASKSHELL.EXE process and delete the file TASKSHELL.EXE.
Malware Analysis of TASKSHELL.EXE
Full path on a computer: %SysDir%\taskshell.exe
Detected by UnHackMe:
TASKSHELL.EXE
Default location: %SysDir%\taskshell.exe
Removal Results: Success
Number of reboot: 1
TASKSHELL.EXE is known as:
Trojan.Scar.faph, Trojan.Scar.iAizKlehtmU, Trojan.Agent.Gen-Keylogger, Trojan.KeyLogger.8211, TR.Rogue.6824952.1, Mal.Emogen-H, Trojan.Scar.atgo, Trojan.A.Scar.90112.T, Trojan.Keylogger, Win32.Spy.VB.NNQ, Trojan.Scar, W32.KeyLogger.VBY.tr, PSW.Agent.AHOY
TASKSHELL.EXE hash:
- MD5: 3955e4c392d0613cfe8e7e7f71402629
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\taskshell.exe: “C:\windows\system32\taskshell.exe”
- %SysDir%\taskshell.exe
- %WinDir%\resim.jpg
NPLEDA.DLL is Trojan Medfos
Is the file NPLEDA.DLL located on your computer? Then your computer is infected.
We suggest you remove NPLEDA.DLL from your computer as soon as possible.
NPLEDA.DLL is Trojan/Backdoor.
Kill the process NPLEDA.DLL and remove NPLEDA.DLL from the Windows startup.
Malware Analysis of NPLEDA.DLL
Full path on a computer: %Appdata%\npleda.dll
Detected by UnHackMe:
NPLEDA.DLL
Default location: %Appdata%\npleda.dll
Removal Results: Success
Number of reboot: 1
NPLEDA.DLL is known as:
Trojan.Medfos, Trojan.Medfos.ff, Trojan.ZPACK.bcaezv, HS_MEDFOS.SMJ, Trojan.Medfos.t (v), Troj.Medfos-BX, Trojan.Medfos.A, Trojan.Midhos, a variant of Win32.Medfos.FF, Trojan.Crypt.EJL, W32.Medfos.AZ.tr, Cryptic.EJL
NPLEDA.DLL hash:
- MD5: e7c20dfd1b50020557e0c86c8741fb0d
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\npleda: “rundll32.exe “%Appdata%\npleda.dll”,BuildNotificationPackage”
- %Appdata%\npleda.dll
MSAOLDRV.EXE is Backdoor Rbot
The program MSAOLDRV.EXE is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with MSAOLDRV.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of MSAOLDRV.EXE
Full path on a computer: %SysDir%\MSAOLdrv.exe
Detected by UnHackMe:
MSAOLDRV.EXE
Default location: %SysDir%\MSAOLdrv.exe
Removal Results: Success
Number of reboot: 1
MSAOLDRV.EXE is known as:
Backdoor.Rbot, BehavesLike.Malware.ssc (mx-v), Worm.Rbot.99328, W32.Rbot-ASP, Backdoor.RBot.aeay, Hack.Rbot.ge.(kcloud), Backdoor.A.Rbot.94080[ASPack], W32.RBot.ASP.worm, IRC.BackDoor.SdBot.NJO, W32.Sdbot.FKR.worm
MSAOLDRV.EXE hash:
- MD5: 7c12e2e96e86c77c03171385407d96d5
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MS Windows AOL Driver: “MSAOLdrv.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\MS Windows AOL Driver: “MSAOLdrv.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MS Windows AOL Driver: “MSAOLdrv.exe”
- %SysDir%\MSAOLdrv.exe
APPLICATION DATATEMPMANAGER.EXE is Trojan Dorifel
We checked the file APPLICATION DATATEMPMANAGER.EXE and found it hazardous.
The file APPLICATION DATATEMPMANAGER.EXE must be deleted from the system immediately.
Kill the process APPLICATION DATATEMPMANAGER.EXE and remove APPLICATION DATATEMPMANAGER.EXE from the Windows startup.
Malware Analysis of APPLICATION DATATEMPMANAGER.EXE
Full path on a computer: %Appdata%tempManager.exe
Detected by UnHackMe:
APPLICATION DATATEMPMANAGER.EXE
Default location: %Appdata%tempManager.exe
Removal Results: Success
Number of reboot: 1
APPLICATION DATATEMPMANAGER.EXE is known as:
Trojan.Dorifel, TrojanDropper.Dorifel.keg, Backdoor.MSIL.PGen, Trojan.DownLoader6.zzbes, Trojan-Dropper.Dorifel.keg, Trojan.Agent.Gen-Injector[Fmt], Trojan.DownLoader6.56460, MSIL.Spy.Keylogger, TR.Dorifel.C, TrojanDropper.Dorifel.pdn, Troj.Dorifel.(kcloud), Dropper.A.Dorifel.18432.N, Dropper.Dorifel, Trojan-Dropper.Dorifel.jcm, a variant of MSIL.Spy.Keylogger.GF, W32.Dorifel.KEG.tr, PSW.ILSpy
APPLICATION DATATEMPMANAGER.EXE hash:
- MD5: e84f49d9a7eabbfd6d2ef642df4419d4
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\tempManager: “%Appdata%tempManager.exe”
- %Temp%\1.exe
- %Temp%\1.JPG
- %Appdata%tempManager.exe
TMONITOR.EXE is Trojan Comisproc
Is the file TMONITOR.EXE located on your computer? Then your computer is infected.
We suggest you remove TMONITOR.EXE from your computer as soon as possible.
TMONITOR.EXE is Trojan/Backdoor.
Kill the process TMONITOR.EXE and remove TMONITOR.EXE from the Windows startup.
Malware Analysis of TMONITOR.EXE
Full path on a computer: %Program Files%\TMonitor\TMonitor.exe
Detected by UnHackMe:
TMONITOR.EXE
Default location: %Common Startmenu%\Programs\Startup\Windows Task Monitor.lnk
Removal Results: Success
Number of reboot: 1
TMONITOR.EXE is known as:
Trojan.Comisproc, Trojan.Keylogger, Spyware, Trojan.Spy.KeyLogger.acmc, Trojan.KeyLogger.zkdsr, W32.KeyLogger.KJI.dropper, Trojan-Spy.KeyLogger.acmc, TrojanSpy.KeyLogger.GPICXUi4ETg, Trojan.Agent.Gen-KeyloggerOnline, Trojan.Spy.KeyLogger.acmc.AMN (A), Trojan.KeyLogger.15423, TR.Comisproc.A.896, TrojanSpy.KeyLogger.cxmw, Troj.KeyLogger.(kcloud), Spyware.KeyLogger, TrojanSpy.KeyLogger.acmc, a variant of Win32.KeyLogger.KeyloggerOnline.AA, Trojan-Spy.KeyLogger, W32.KeyLogger.ABBN.tr, unknown virus Win32.DH{EwA1PSAlLQ}
TMONITOR.EXE hash:
- MD5: 138147f47b4c1f93277cded6d093700e
- %Program Files%\TMonitor
- %Common Startmenu%\Programs\Startup\Windows Task Monitor.lnk
- %Program Files%\TMonitor\TMonitor.exe
WUAUCLDT.EXE is Virus Virut.hpeg
The system file WUAUCLDT.EXE is infected with a virus. We recommend that you replace the WUAUCLDT.EXE file with its backup copy.
Malware Analysis of WUAUCLDT.EXE
Full path on a computer: %SysDir%\wuaucldt.exe
Detected by UnHackMe:
WUAUCLDT.EXE
Default location: %SysDir%\wuaucldt.exe
Removal Results: Success
Number of reboot: 1
WUAUCLDT.EXE is known as:
Virus.Virut.hpeg, W32.Piptea.B, W32.Virut.CF, Malware, Win32.Virut.17408, PE_VIRUX.AA-1, Win32:Scribble, Virut, Trojan.Dropper-29419, Trojan-Dropper.Agent.eukc, Trojan.Agent.Gen-Libre, Virus.Virut.CE, Virut.56, Virus.Virut.ce (v), W32.Scribble-B, Virut.lz.368640, Virut.AL, Win32.Virut.E, W32.Piptea.QANR-7975, Virus.Virut.13, Malware.Virut, Win32.Virut.NBP, Virut.dn, Win32.Virut.dropper, W32.Sality.AO
WUAUCLDT.EXE hash:
- MD5: 04619cb02b33e0f7988ada7a8a12e2b7
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: “c:\windows\system32\wuaucldt.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt: “c:\documents and settings\administrator\wuaucldt.exe”
- %Profile%\wuaucldt.exe
- %SysDir%\wuaucldt.exe
USERINI.EXE is Trojan Agent
The file USERINI.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete USERINI.EXE we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of USERINI.EXE
Full path on a computer: %SysDir%\userini.exe
Detected by UnHackMe:
USERINI.EXE
Default location: %SysDir%\userini.exe
Removal Results: Success
Number of reboot: 1
USERINI.EXE is known as:
Trojan.Agent
USERINI.EXE hash:
- MD5: 1bc59a3634c482e5a34a336393783dcb
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%SysDir%\userini.exe”
- %WinDir%\bb75it
- %SysDir%\userini.exe
- %SysDir%\userini_dll.dll
- %WinDir%\bb75it\satellites.xml Editor.exe
- %WinDir%\windata.dat
ADSCLICK.EXE is Trojan Clicker.VB.iiq
The file ADSCLICK.EXE can destroy your system, making the computer work abnormally.
ADSCLICK.EXE is a dangerous file.
Remove ADSCLICK.EXE from your computer immediately.
Kill the process ADSCLICK.EXE and remove ADSCLICK.EXE from the Windows startup.
Malware Analysis of ADSCLICK.EXE
Full path on a computer: %WinDir%\adsclick.exe
Detected by UnHackMe:
ADSCLICK.EXE
Default location: %WinDir%\adsclick.exe
Removal Results: Success
Number of reboot: 1
ADSCLICK.EXE is known as:
Trojan.Clicker.VB.iiq, Trojan-Clicker.VB.iiq, Trojan.CL.VB.r1nJBONjn+g, Trojan.Click2.37033, TR.Kazy.40362.13, TrojanClicker.VB.gjx, Troj.VB.(kcloud), Trojan.Dynamer.dtc, Trojan.A.Clicker.40960.BF, Trojan.VB, a variant of Win32.TrojanClicker.VB.NZD, Trojan-Clicker.VB, W32.VB.IIQ.tr, Clicker.BAFY
ADSCLICK.EXE hash:
- MD5: 2a60c68eb8f732c47127d983f49812a8
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ads: “%WinDir%\adsclick.exe”
- %WinDir%\adsclick.exe
RPCCLIENT.DLL is Backdoor Agent.80384.AM
The program RPCCLIENT.DLL is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with RPCCLIENT.DLL.
Download for free: http://www.unhackme.com
Malware Analysis of RPCCLIENT.DLL
Full path on a computer: %SysDir%\rpcclient.dll
Detected by UnHackMe:
RPCCLIENT.DLL
Default location: %SysDir%\rpcclient.dll
Removal Results: Success
Number of reboot: 1
RPCCLIENT.DLL is known as:
Backdoor.Agent.80384.AM, Win32.Agent.TZY
RPCCLIENT.DLL hash:
- MD5: 67ce4cfd1d92a5d67a830aa576b313a2
- HKLM\System\CurrentControlSet\Services\windows update\Parameters\ServiceDll: “%SysDir%\rpcclient.dll”
- HKLM\System\CurrentControlSet\Services\windows update\Parameters\ServiceMain: “ExitProcedure”
- HKLM\System\CurrentControlSet\Services\windows update\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\windows update\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\windows update\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\windows update\ImagePath: “%SystemRoot%\system32\svchost.exe -k netsvcs”
- HKLM\System\CurrentControlSet\Services\windows update\DisplayName: “windows update”
- HKLM\System\CurrentControlSet\Services\windows update\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\windows update\Description: “windows update”
- %Temp%\kb21.tmp
- %SysDir%\rpcclient.dll
MJCS.EXE is Trj Downloader.MDW
We received the file MJCS.EXE and detected that MJCS.EXE is not good.
MJCS.EXE is Adware. You should remove the file MJCS.EXE.
Kill the process MJCS.EXE and remove MJCS.EXE from Windows.
Malware Analysis of MJCS.EXE
Full path on a computer: %SysDir%\mjcs.exe
Detected by UnHackMe:
MJCS.EXE
Default location: %SysDir%\mjcs.exe
Removal Results: Success
Number of reboot: 1
MJCS.EXE is known as:
Trj.Downloader.MDW, BackDoor-CHS, TR.Drop.Delf.QD.5, Packed.Upack, W32.TrojanX.JBV, Backdoor.Trojan, W32.Hacdef.AVB, Trojan-Dropper.Delf.qd, BehavesLike:ExplorerHijack, BackDoor.Srvman, Troj.HacDef-DQ, Win32.Malum.BIDK, VirTool.Obfuscator.C, Backdoor.HacDef.db, a variant of Win32.HacDef.DB, Win-Trojan.Xema.variant, Trojan-Spy.Banker.ahy, W32.Delf.QD.tr, Trojan.Drop.Delf.QD.5
MJCS.EXE hash:
- MD5: d0d1ab41fa0642872ea446ad84ee3402
- HKLM\System\CurrentControlSet\Services\mjcs\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\mjcs\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\mjcs\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\mjcs\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\mjcs\ImagePath: “%SysDir%\mjcs.exe”
- HKLM\System\CurrentControlSet\Services\mjcs\DisplayName: “A
WINAUTO.EXE is Trojan Cosmu.bizd
The file WINAUTO.EXE is malware related.
You must delete the file WINAUTO.EXE immediately!
Delete the file WINAUTO.EXE without delay!
Kill the process WINAUTO.EXE and remove WINAUTO.EXE from the Windows startup.
Malware Analysis of WINAUTO.EXE
Full path on a computer: %Temp%\WinAuto.exe
Detected by UnHackMe:
WINAUTO.EXE
Default location: %Temp%\WinAuto.exe
Removal Results: Success
Number of reboot: 1
WINAUTO.EXE is known as:
Trojan.Cosmu.bizd, Trojan.Scar.bjltzm, W32.SillyFDC, Trojan.Scar.gtem, Trojan.Agent.Gen-Bifrose, Trojan.Scar.gtem.AMN (A), Trojan.DownLoader7.45157, TR.Comitsproc.A.320, Trojan.Scar.auui, Troj.Scar.gt.(kcloud), Trojan.Comitsproc, ASD.Prevention, W32.Backdoor.QXYQ-7029, Net-Worm.SillyFDC.rem, Win32.Autoit.IJ, Trojan.Scar, W32.Scar.GTEM.tr, Trj.OCJ.B
WINAUTO.EXE hash:
- MD5: c98e8a092e947aeac2e4e2fbddc80282
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinAuto.exe: “”%Temp%\WinAuto.exe”"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinAuto.exe: “”%Temp%\WinAuto.exe”"
- %Temp%\WinAuto.exe
- %Temp%\WinAuto.exe.ini
- %Startup%\WinAuto.exe
SIGNKEY.EXE is Adware KrAdword.238160
We received the file SIGNKEY.EXE and detected that SIGNKEY.EXE is not good.
SIGNKEY.EXE is Adware. You should remove the file SIGNKEY.EXE.
Kill the process SIGNKEY.EXE and remove SIGNKEY.EXE from Windows.
Malware Analysis of SIGNKEY.EXE
Full path on a computer: %Local Appdata%\signkey\signkey.exe
Detected by UnHackMe:
SIGNKEY.EXE
Default location: %Local Appdata%\signkey\signkey.exe
Removal Results: Success
Number of reboot: 1
SIGNKEY.EXE is known as:
Adware.KrAdword.238160, TrojanDownloader.Kraddare.g, Adware.KorAd, SecurityRisk.Downldr, Malware, ADW_KRADDARE, Trojan.Agentb.jcn, Adware.Kraddare.2UwbX1zmpsc, Trojan.Agentb (A), Trojan.DownLoader8.24309, TR.Dldr.Kraddare.G.8, TrojanDownloader.Kraddare.G, Adware.SignKey.238160, PUP.SignKey, a variant of Win32.Adware.Kraddare.GJ, Trojan-Downloader.Kraddare
SIGNKEY.EXE hash:
- MD5: f22a90b326da52d08fd5b246627d1475
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\signkey: “%Local Appdata%\signkey\signkey.exe”
- %Local Appdata%\signkey
- %Local Appdata%\signkey\ie_signkey.exe
- %Local Appdata%\signkey\signkey.exe
- %Local Appdata%\signkey\skun.exe
KEYMAIL.DLL is Trojan JboxGeneric.nan
The file KEYMAIL.DLL is a part of Fake Antiviral software.
You must delete the file KEYMAIL.DLL immediately!
Delete the file KEYMAIL.DLL without delay!
Kill the process KEYMAIL.DLL and remove KEYMAIL.DLL from the Windows startup.
Malware Analysis of KEYMAIL.DLL
Full path on a computer: %SysDir%\keymail.dll
Detected by UnHackMe:
KEYMAIL.DLL
Default location: %SysDir%\keymail.dll
Removal Results: Success
Number of reboot: 1
KEYMAIL.DLL is known as:
Trojan.JboxGeneric.nan
KEYMAIL.DLL hash:
- MD5: 0a37c755183e852379691599ec983e32
- HKLM\Software\Classes\CLSID\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}\InProcServer32\: “%SysDir%\keymail.dll”
- HKLM\Software\Classes\emcClass\shell\open\command\: “rundll32.exe %SysDir%\keymail.dll,OpenDocument %1”
- %Temp%\dll1.tmp.dll
- %SysDir%\keymail.dll




