OMEGLEVIDSCHECK.EXE is Trojan Agent
Is the file OMEGLEVIDSCHECK.EXE located on your computer? If so, your computer is infected.
We recommend removing OMEGLEVIDSCHECK.EXE from your computer as soon as possible.
OMEGLEVIDSCHECK.EXE is a Trojan/Backdoor.
Kill the process OMEGLEVIDSCHECK.EXE and remove OMEGLEVIDSCHECK.EXE from the Windows startup.
Malware Analysis of OMEGLEVIDSCHECK.EXE
Full path on a computer: %Appdata%\OmegleVidsCheck.exe
Detected by UnHackMe:
Item Name: OMessenger
Author:
Related File: %APPDATA%\OMEGLEVIDSCHECK.EXE
Type: Registry Run
Item Name: OmegleVidsCheck.exe
Author:
Related File: %APPDATA%\OMEGLEVIDSCHECK.EXE
Type: Detected using Heuristic Algorithm
Item Name: vbc.exe
Author: Unknown
Related File: %APPDATA%\VBC.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
OMEGLEVIDSCHECK.EXE is known as:
Trojan.Agent.1193472.O, a variant of MSIL.Injector.ACA, Trojan.MSIL.Crypt.qhp, Trojan.MulDrop3.50658, Trojan.MSIL.dyg, Backdoor.Fynloski.A, W32.Crypt.QHP.tr
OMEGLEVIDSCHECK.EXE hash:
- MD5: dd82652dc041b93a9763f6d94b4e2c8c
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OMessenger: “%Appdata%\OmegleVidsCheck.exe”
- %Appdata%\dsvgb.txt
- %Appdata%\OmegleVidsCheck.exe
- %Appdata%\vbc.exe
- %Temp%\1C7CF.dmp
- %Temp%\A4FA.dmp
- %Temp%\dw.log
AFTER.EXE is Trojan Bocinex
The file AFTER.EXE is malware related.
You must delete the file AFTER.EXE immediately!
Delete the file AFTER.EXE without delay!
Kill the process AFTER.EXE and remove AFTER.EXE from the Windows startup.
Malware Analysis of AFTER.EXE
Full path on a computer: %Appdata%\After.exe
Detected by UnHackMe:
Item Name: bs_stealth
Author: Unknown
Related File: %APPDATA%\AFTER.EXE
Type: Explorer Run
Detected by RegRun Warrior:
Item Name: bs_stealth
Author: Unknown
Related File: %APPDATA%\AFTER.EXE
Type: Explorer Run
Removal Results: Success
Number of reboot: 2
AFTER.EXE is known as:
Trojan.Bocinex, Trojan.DownLoader6, Mal.Keylog-A
AFTER.EXE hash:
- MD5: 8025b55b4ebf5dd760b51ebb0e1681fa
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\bs_stealth: “%Appdata%\After.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\bs_stealth: “%Appdata%\After.exe”
- %Appdata%\After.exe
- %Appdata%\bs_log.dat
LIB32WAOQ.EXE is Trojan MSIL.Prash
We checked some samples of LIB32WAOQ.EXE and detected the file LIB32WAOQ.EXE as a threat.
Remove the LIB32WAOQ.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of LIB32WAOQ.EXE
Full path on a computer: %SysDir%\lib32waoq.exe
Detected by UnHackMe:
Item Name: MediaCenter
Author: IBM Corporation and others
Related File: %SYSDIR%\RGMRTIY.CC3
Type: Svchost DLLs
Item Name: sdTQNLxV
Author:
Related File: %SysDir%\Aywtrpm.exe
Type: Auto Services
Item Name: WaoqSvc
Author:
Related File: %WinDir%\System32\lib32waoq.exe
Type: Auto Services
Item Name: gzqrcddiut
Author:
Related File: %SysDir%\TaHoDkS.exe
Type: Auto Services
Item Name: \WINDOWS\Temp\servcie3252A53.exe
Author: Unknown
Related File: %WinDir%\TEMP\SERVCIE3252A53.EXE
Type: Registry Run
Item Name: \WINDOWS\Temp\servcie3252C53.exe
Author: Unknown
Related File: %WinDir%\TEMP\SERVCIE3252C53.EXE
Type: Registry Run
Item Name: \WINDOWS\Temp\servcie3252E53.exe
Author: Unknown
Related File: %WinDir%\TEMP\SERVCIE3252E53.EXE
Type: Registry Run
Item Name: Aywtrpm.exe
Author: Unknown
Related File: %SYSDIR%\AYWTRPM.EXE
Type: Running Processes
Item Name: lib32waoq.exe
Author: Unknown
Related File: %SYSDIR%\LIB32WAOQ.EXE
Type: Running Processes
Item Name: CkRygNF.exe
Author: Unknown
Related File: %SYSDIR%\CKRYGNF.EXE
Type: Running Processes
Item Name: fNubJqX.exe
Author: Unknown
Related File: %SYSDIR%\FNUBJQX.EXE
Type: Running Processes
Item Name: aHpWDlS.exe
Author: Unknown
Related File: %SYSDIR%\AHPWDLS.EXE
Type: Running Processes
Item Name: TaHoDkS.exe
Author: Unknown
Related File: %SYSDIR%\TAHODKS.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: Tcpz-x86
Author:
Related File: \??\C:\Tcpz-x86.sys
Type: Services detected by Partizan
Item Name: WaoqSvc
Author:
Related File: %WinDir%\System32\lib32waoq.exe
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 2
LIB32WAOQ.EXE is known as:
Trojan.MSIL.Prash, Trojan.Kazy, Troj.Agent
LIB32WAOQ.EXE hash:
- MD5: 18582085f5f45ace6940fdda963fdd3d
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TCPZ-X86\0000\Service: “Tcpz-x86”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TCPZ-X86\0000\DeviceDesc: “Tcpz-x86”
- HKLM\System\CurrentControlSet\Services\sdTQNLxV\ImagePath: “%SysDir%\Aywtrpm.exe”
- HKLM\System\CurrentControlSet\Services\Tcpz-x86\ImagePath: “\??\C:\Tcpz-x86.sys”
- HKLM\System\CurrentControlSet\Services\Tcpz-x86\DisplayName: “Tcpz-x86”
- HKLM\System\CurrentControlSet\Services\WaoqSvc\ImagePath: “%WinDir%\System32\lib32waoq.exe”
- %SysDir%\Aywtrpm.exe
- %SysDir%\fdbzwus.exe
- %SysDir%\knpruwy.exe
- %SysDir%\lib32waoo.exe
- %SysDir%\lib32waoq.exe
MMIOA5QV0P.EXE is Worm Ainslot
The file MMIOA5QV0P.EXE is a computer worm.
The worm MMIOA5QV0P.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the MMIOA5QV0P.EXE problem as soon as possible!
Delete the file MMIOA5QV0P.EXE from all infected computers in your network.
Set up your network firewall to guard against MMIOA5QV0P.EXE intrusion.
Malware Analysis of MMIOA5QV0P.EXE
Full path on a computer: %Appdata%\MMIOA5QV0P.exe
Detected by UnHackMe:
Item Name: Windows Defender
Author: Unknown
Related File: %APPDATA%\MMIOA5QV0P.EXE
Type: Explorer Run
Item Name: {F060EBA9-CABC-5AA7-BFEE-B366627F2AA0}
Author: Unknown
Related File: %APPDATA%\MMIOA5QV0P.EXE
Type: ActiveSetup
Item Name: MMIOA5QV0P.exe
Author: Unknown
Related File: %APPDATA%\MMIOA5QV0P.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
MMIOA5QV0P.EXE is known as:
Worm.Ainslot, Worm.AutoRun.cdlp, Trojan.VB, TrojWare.Cosmu.BHL, Trojan.Siggen2
MMIOA5QV0P.EXE hash:
- MD5: 2b39891133a2653d4c68d4badd864320
- HKLM\Software\Microsoft\Active Setup\Installed Components\{F060EBA9-CABC-5AA7-BFEE-B366627F2AA0}\StubPath: “%Appdata%\MMIOA5QV0P.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Windows Defender: “%Appdata%\MMIOA5QV0P.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: “%Appdata%\MMIOA5QV0P.exe”
- HKCU\Software\Microsoft\Active Setup\Installed Components\{F060EBA9-CABC-5AA7-BFEE-B366627F2AA0}\StubPath: “%Appdata%\MMIOA5QV0P.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender: “%Appdata%\MMIOA5QV0P.exe”
- %Appdata%\MMIOA5QV0P.exe
MSIZPJ32.DLL is Trojan Downloader6
We checked some samples of MSIZPJ32.DLL and detected the file MSIZPJ32.DLL as a threat.
Remove the MSIZPJ32.DLL file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of MSIZPJ32.DLL
Full path on a computer: %SYSDIR%\MSIZPJ32.DLL
Detected by UnHackMe:
MSIZPJ32.DLL
Default location: %SYSDIR%\MSIZPJ32.DLL
Removal Results: Success
Number of reboot: 1
MSIZPJ32.DLL is known as:
Trojan.Downloader6
- %SYSDIR%\MSIZPJ32.DLL
50DE5TEEYX.EXE is Trojan Cutwail
The file 50DE5TEEYX.EXE is malware related.
You must delete the file 50DE5TEEYX.EXE immediately!
Delete the file 50DE5TEEYX.EXE without delay!
Kill the process 50DE5TEEYX.EXE and remove 50DE5TEEYX.EXE from the Windows startup.
Malware Analysis of 50DE5TEEYX.EXE
Full path on a computer: %UserProfile%\50de5teeyx.exe
Detected by UnHackMe:
50DE5TEEYX.EXE
Default location: %UserProfile%\50de5teeyx.exe
Removal Results: Success
Number of reboot: 1
50DE5TEEYX.EXE is known as:
Trojan.Cutwail, Trojan.Agent
50DE5TEEYX.EXE hash:
- MD5: 3711a14bd5626d172a291b938e996923
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\50de5teeyx: “%UserProfile%\50de5teeyx.exe”
- %UserProfile%\50de5teeyx.exe
KLLKCH4.EXE is Trojan Agent
Is the file KLLKCH4.EXE located on your computer? If so, your computer is infected.
We recommend removing KLLKCH4.EXE from your computer as soon as possible.
KLLKCH4.EXE is a Trojan/Backdoor.
Kill the process KLLKCH4.EXE and remove KLLKCH4.EXE from the Windows startup.
Malware Analysis of KLLKCH4.EXE
Full path on a computer: %Windir%\kllkch4.exe
Detected by UnHackMe:
KLLKCH4.EXE
Default location: %Windir%\kllkch4.exe
Removal Results: Success
Number of reboot: 1
KLLKCH4.EXE is known as:
Trojan.Agent
KLLKCH4.EXE hash:
- MD5: d592ad60b4440afc3a92c9d07e887fe4
- %Windir%\kllkch4.exe
- %System%\warifout.exe
JL8ZG6FX1U.EXE is Trojan Agent
We checked the file JL8ZG6FX1U.EXE and found it hazardous.
The file JL8ZG6FX1U.EXE must be deleted from the system immediately.
Kill the process JL8ZG6FX1U.EXE and remove JL8ZG6FX1U.EXE from the Windows startup.
Malware Analysis of JL8ZG6FX1U.EXE
Full path on a computer: %UserProfile%\jl8zg6fx1u.exe
Detected by UnHackMe:
JL8ZG6FX1U.EXE
Default location: %UserProfile%\jl8zg6fx1u.exe
Removal Results: Success
Number of reboot: 1
JL8ZG6FX1U.EXE is known as:
Trojan.Agent, Trojan.Siggen3
JL8ZG6FX1U.EXE hash:
- MD5: 85210d6110a5a462481b4c68f1f3c8aa
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\jl8zg6fx1u: “%UserProfile%\jl8zg6fx1u.exe”
- %UserProfile%\jl8zg6fx1u.exe
LIB32WAOQ.EXE is Backdoor Advo
The program LIB32WAOQ.EXE is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with LIB32WAOQ.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of LIB32WAOQ.EXE
Full path on a computer: %System%\lib32waoq.exe
Detected by UnHackMe:
LIB32WAOQ.EXE
Default location: %System%\lib32waoq.exe
Removal Results: Success
Number of reboot: 1
LIB32WAOQ.EXE is known as:
Backdoor.Advo, TrojanDropper.MSIL, MSIL.Prash
LIB32WAOQ.EXE hash:
- MD5: 18582085f5f45ace6940fdda963fdd3d
- HKLM\SYSTEM\ControlSet001\Services\WaoqSvc\ImagePath: “%System%\lib32waoq.exe”
- %System%\lib32waoq.exe
BIN.EXE is Rootkit SpyEye
Rootkit BIN.EXE is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of BIN.EXE may be a very difficult process.
You should use anti-rootkit software to fix the BIN.EXE problem.
Malware Analysis of BIN.EXE
Full path on a computer: %Common Appdata%\default\bin.exe
Detected by UnHackMe:
Item Name: default
Author: Unknown
Related File: %COMMON APPDATA%\DEFAULT\BIN.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
BIN.EXE is known as:
Rootkit.SpyEye, Trojan.Hottrend
BIN.EXE hash:
- MD5: 08ab7f68c6b3a4a2a745cc244d41d213
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\default: “%Common Appdata%\default\bin.exe”
- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\user.js
- %Common Appdata%\default\bin.exe
G_SERVER.DLL is Backdoor Hupigon
The program G_SERVER.DLL is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with G_SERVER.DLL.
Download for free: http://www.unhackme.com
Malware Analysis of G_SERVER.DLL
Full path on a computer: %WinDir%\G_Server.exe
After first reboot detected by UnHackMe:
Item Name: PigeonServer
Author:
Related File: %WinDir%\G_Server.exe
Type: Auto Services
Item Name: PigeonServer
Author:
Related File: %WinDir%\G_SERVER.EXE
Type: Services detected by Partizan
Item Name: mchInjDrv
Author:
Related File: \??\%WinDir%\TEMP\mc21.tmp
Type: Services detected by Partizan
After second reboot detected by UnHackMe:
Item Name: G_Server.DLL
Author: Unknown
Related File: %WinDir%\G_SERVER.DLL
Type: Detected using Heuristic Algorithm
Item Name: G_ServerKey.DLL
Author: Unknown
Related File: %WinDir%\G_SERVERKEY.DLL
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 3
G_SERVER.DLL is known as:
Backdoor.Hupigon, Backdoor.Graybird
G_SERVER.DLL hash:
- MD5: 70b1ddcd523542c0450ea64a5a241c12
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Service: “mchInjDrv”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\DeviceDesc: “mchInjDrv”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PIGEONSERVER\0000\Service: “PigeonServer”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PIGEONSERVER\0000\DeviceDesc: “Pigeon_Server”
- HKLM\System\CurrentControlSet\Services\mchInjDrv\ImagePath: “\??\%WinDir%\TEMP\mc21.tmp”
- HKLM\System\CurrentControlSet\Services\PigeonServer\ImagePath: “%WinDir%\G_Server.exe”
- %WinDir%\G_Server.DLL
- %WinDir%\G_Server.exe
- %WinDir%\G_ServerKey.DLL
- %WinDir%\G_Server_HOOk.DLL
AUDIO PERFORMER53484.EXE is Trojan InstallBrain
The file AUDIO PERFORMER53484.EXE is malware related.
You must delete the file AUDIO PERFORMER53484.EXE immediately!
Delete the file AUDIO PERFORMER53484.EXE without delay!
Kill the process AUDIO PERFORMER53484.EXE and remove AUDIO PERFORMER53484.EXE from the Windows startup.
Malware Analysis of AUDIO PERFORMER53484.EXE
Full path on a computer: %Temp%\Audio Performer53484.exe
Detected by UnHackMe:
AUDIO PERFORMER53484.EXE
Default location: %Temp%\Audio Performer53484.exe
Removal Results: Success
Number of reboot: 1
AUDIO PERFORMER53484.EXE is known as:
Trojan.InstallBrain, Adware.Downware
AUDIO PERFORMER53484.EXE hash:
- MD5: 13c5320aa895e481c527a36b53db48da
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Audio Performer53484.exe: “"%Temp%\Audio Performer53484.exe" /XML="%Temp%\1.tmp" /STP=1:2”
- %Temp%\Audio Performer53484.exe
LINGPC.EXE is Trojan MSIL.KeyLogger
Is the file LINGPC.EXE located on your computer? If so, your computer is infected.
We recommend removing LINGPC.EXE from your computer as soon as possible.
LINGPC.EXE is a Trojan/Backdoor.
Kill the process LINGPC.EXE and remove LINGPC.EXE from the Windows startup.
Malware Analysis of LINGPC.EXE
Full path on a computer: %Appdata%\Microsoft\Windows\Drivers\lingpc.exe
Detected by UnHackMe:
Item Name: Adobe Drivers
Author: Windows Photo Viewer
Related File: %APPDATA%\MICROSOFT\WINDOWS\DRIVERS\LINGPC.EXE
Type: Registry Run
Item Name: lingpc.exe
Author: Windows Photo Viewer
Related File: %APPDATA%\MICROSOFT\WINDOWS\DRIVERS\LINGPC.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
LINGPC.EXE is known as:
Trojan.MSIL.KeyLogger
LINGPC.EXE hash:
- MD5: f67babe9f92b3b038146c14c497b1870
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Drivers: “%Appdata%\Microsoft\Windows\Drivers\lingpc.exe”
- %Appdata%\Microsoft\Windows\Drivers\lingpc.exe
- %Temp%\Software\ttreceipt.exe
- %Temp%\Software\ttreceipt.jpg
NBJICJ98.EXE is Trojan Agent
The file NBJICJ98.EXE is malware related.
You must delete the file NBJICJ98.EXE immediately!
Delete the file NBJICJ98.EXE without delay!
Kill the process NBJICJ98.EXE and remove NBJICJ98.EXE from the Windows startup.
Malware Analysis of NBJICJ98.EXE
Full path on a computer: %Appdata%\nbjicj98.exe
Detected by UnHackMe:
Item Name: nbjicj98
Author: Unknown
Related File: %APPDATA%\NBJICJ98.EXE
Type: Registry Run
Item Name: nbjicj98.exe
Author: Unknown
Related File: %APPDATA%\NBJICJ98.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
NBJICJ98.EXE is known as:
Trojan.Agent, Trojan.DownLoad2
NBJICJ98.EXE hash:
- MD5: 4a7ef491c4db956facd6026427dc2d54
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\nbjicj98: “%Appdata%\nbjicj98.exe”
- %Appdata%\nbjicj98.exe
SHIELD.EXE is Trojan CodecPack
We checked the file SHIELD.EXE and found it hazardous.
The file SHIELD.EXE must be deleted from the system immediately.
Kill the process SHIELD.EXE and remove SHIELD.EXE from the Windows startup.
Malware Analysis of SHIELD.EXE
Full path on a computer: %SysDir%\Shield.exe
Detected by UnHackMe:
SHIELD.EXE
Default location: %SysDir%\Shield.exe
Removal Results: Success
Number of reboot: 1
SHIELD.EXE is known as:
Trojan.CodecPack, Trojan.Scar, Trojan.Jorik
SHIELD.EXE hash:
- MD5: a45a1ccf6842b032b7f2ef2f2255c81c
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Shield.exe: “%SysDir%\Shield.exe”
- %SysDir%\Shield.exe
WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE is unknown, probably legitimate.
If the file WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE is located on your computer, download UnHackMe for free to fix the problem with WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE.
Malware Analysis of WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
Full path on a computer: %TEMP%\WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
Detected by UnHackMe:
WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
Default location: %TEMP%\WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
Removal Results: Success
Number of reboot: 1
- %TEMP%\WINRAR PASSWORD UNLOCKER 2012 1.8V.EXE
DISPLAYOSD.EXE is Trojan Downloader5
The file DISPLAYOSD.EXE is malware related.
You must delete the file DISPLAYOSD.EXE immediately!
Delete the file DISPLAYOSD.EXE without delay!
Kill the process DISPLAYOSD.EXE and remove DISPLAYOSD.EXE from the Windows startup.
Malware Analysis of DISPLAYOSD.EXE
Full path on a computer: %APPDATA%\MICROSOFT\WINDOWS\DISPLAYOSD.EXE
Detected by UnHackMe:
DISPLAYOSD.EXE
Default location: %APPDATA%\MICROSOFT\WINDOWS\DISPLAYOSD.EXE
Removal Results: Success
Number of reboot: 1
DISPLAYOSD.EXE is known as:
Trojan.Downloader5
- %APPDATA%\MICROSOFT\WINDOWS\DISPLAYOSD.EXE
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\UPDATE1016[1].DAT
- %APPDATA%\MICROSOFT\WINDOWS\PREFERENCES
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\UPDATE1015[1].DAT
- %APPDATA%\MICROSOFT\WINDOWS\SETUP.DAT
GOOGLEUP.EXE is Worm Prolaco
Is the file GOOGLEUP.EXE located on your computer? If so, your computer is infected.
We recommend removing GOOGLEUP.EXE from your computer as soon as possible.
GOOGLEUP.EXE is a Trojan/Backdoor.
Kill the process GOOGLEUP.EXE and remove GOOGLEUP.EXE from the Windows startup.
Malware Analysis of GOOGLEUP.EXE
Full path on a computer: %System%\Googleup.exe
Detected by UnHackMe:
GOOGLEUP.EXE
Default location: %System%\Googleup.exe
Removal Results: Success
Number of reboot: 1
GOOGLEUP.EXE is known as:
Worm.Prolaco
GOOGLEUP.EXE hash:
- MD5: 4d6501531228079afef5b87dd04af31a
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdaterv1: “%System%\Googleup.exe”
- %Windir%\mswinsck.sys
- %System%\explore.exe
- %System%\Googleup.exe
SVCXDCL32.EXE is Trojan Barys
We checked the file SVCXDCL32.EXE and found it hazardous.
The file SVCXDCL32.EXE must be deleted from the system immediately.
Kill the process SVCXDCL32.EXE and remove SVCXDCL32.EXE from the Windows startup.
Malware Analysis of SVCXDCL32.EXE
Full path on a computer: %AppData%\svcxdcl32.exe
Detected by UnHackMe:
SVCXDCL32.EXE
Default location: %AppData%\svcxdcl32.exe
Removal Results: Success
Number of reboot: 1
SVCXDCL32.EXE is known as:
Troyan.Barys
SVCXDCL32.EXE hash:
- MD5: 8a0ddd3b425c49d201473ce3069353d6
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Svc2dll: “%AppData%\svcxdcl32.exe”
- %AppData%\svcxdcl32.dat
- %AppData%\svcxdcl32.exe
- %AppData%\svcxdcl32_v.dll
BITCOIN.EXE is Backdoor Qbot
The program BITCOIN.EXE is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with BITCOIN.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of BITCOIN.EXE
Full path on a computer: %Temp%\tmp878dd1ff\bitcoin.exe
Detected by UnHackMe:
BITCOIN.EXE
Default location: %Temp%\tmp878dd1ff\bitcoin.exe
Removal Results: Success
Number of reboot: 1
BITCOIN.EXE is known as:
Backdoor.Qbot
BITCOIN.EXE hash:
- MD5: 1bbb6ef0487c8100eb7acddfcb12fde8
- %AppData%\SCleaner\config
- %AppData%\SCleaner\scleaner.exe
- %AppData%\SCleaner\sndmgr.exe
- %Temp%\tmp878dd1ff\bitcoin.exe
- %AppData%\Segoep\uqyr.exi
- %AppData%\Upilve\evis.exe
- %Temp%\tmp90b9d3dc.bat
QGL6WO88SW.EXE is Trojan Cutwail
The file QGL6WO88SW.EXE is malware related.
You must delete the file QGL6WO88SW.EXE immediately!
Delete the file QGL6WO88SW.EXE without delay!
Kill the process QGL6WO88SW.EXE and remove QGL6WO88SW.EXE from the Windows startup.
Malware Analysis of QGL6WO88SW.EXE
Full path on a computer: %UserProfile%\qgl6wo88sw.exe
Detected by UnHackMe:
QGL6WO88SW.EXE
Default location: %UserProfile%\qgl6wo88sw.exe
Removal Results: Success
Number of reboot: 1
QGL6WO88SW.EXE is known as:
Trojan.Cutwail
QGL6WO88SW.EXE hash:
- MD5: 17c9efaf7f70581319b1cf2a3e66d20c
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\qgl6wo88sw: “%UserProfile%\qgl6wo88sw.exe”
- %UserProfile%\qgl6wo88sw.exe
WWMY7SHQ7D.EXE is Trojan Downloader
We checked some samples of WWMY7SHQ7D.EXE and detected the file WWMY7SHQ7D.EXE as a threat.
Remove the WWMY7SHQ7D.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WWMY7SHQ7D.EXE
Full path on a computer: %UserProfile%\wwmy7shq7d.exe
Detected by UnHackMe:
WWMY7SHQ7D.EXE
Default location: %UserProfile%\wwmy7shq7d.exe
Removal Results: Success
Number of reboot: 1
WWMY7SHQ7D.EXE is known as:
Trojan.Downloader
WWMY7SHQ7D.EXE hash:
- MD5: 366bbaf55c66966bcff276556a1606ca
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wwmy7shq7d: “%UserProfile%\wwmy7shq7d.exe”
- %UserProfile%\wwmy7shq7d.exe
IQS.EXE is Trojan Facebook
The file IQS.EXE is a computer worm.
The worm IQS.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the IQS.EXE problem as soon as possible!
Delete the file IQS.EXE from all infected computers in your network.
Set up your network firewall to guard against IQS.EXE intrusion.
Malware Analysis of IQS.EXE
Full path on a computer: %WinDir%\iqs.exe
Detected by UnHackMe:
Item Name: Microsoft Firevall Engine
Author: Google Inc.
Related File: %WinDir%\IQS.EXE
Type: Registry Run
Item Name: iqs.exe
Author: Google Inc.
Related File: %WinDir%\IQS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
IQS.EXE is known as:
Trojan.Facebook, Trojan.Gyimface, Trojan.Msil, Worm.Stekct
IQS.EXE hash:
- MD5: 7a25f877bdab40a055cf8452885d1952
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\iqs.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\iqs.exe”
- %WinDir%\iqs.exe
VM_STI.EXE is Trojan PWS.QQRob
We checked some samples of VM_STI.EXE and detected the file VM_STI.EXE as a threat.
Remove the VM_STI.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of VM_STI.EXE
Full path on a computer: %SysDir%\VM_STI.exe
Detected by UnHackMe:
VM_STI.EXE
Default location: %SYSDIR%\VM_STI.EXE
Removal Results: Success
Number of reboot: 1
VM_STI.EXE is known as:
Trojan.PWS.QQRob, Worm.Mytob, Trojan.PWS.Qqrobber
VM_STI.EXE hash:
- MD5: a9cfc6cf103b6335c4abb7b2f1b4ff9c
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VM_STI: “%SysDir%\VM_STI.exe”
- %SysDir%\VM_STI.exe
LEXPLORER.EXE is Worm Rebhip
The file LEXPLORER.EXE is a computer worm.
The worm LEXPLORER.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the LEXPLORER.EXE problem as soon as possible!
Delete the file LEXPLORER.EXE from all infected computers in your network.
Set up your network firewall to guard against LEXPLORER.EXE intrusion.
Malware Analysis of LEXPLORER.EXE
Full path on a computer: C:\dir\install\install\lexplorer.exe
Detected by UnHackMe:
Item Name: Policies
Author: Oracle Corporation
Related File: C:\DIR\INSTALL\INSTALL\LEXPLORER.EXE
Type: Explorer Run
Item Name: {04OHYM65-37FP-1FE4-K76U-0KBA85HM3856}
Author:
Related File: C:\DIR\INSTALL\INSTALL\LEXPLORER.EXE
Type: ActiveSetup
Item Name: svchost
Author: Oracle Corporation
Related File: C:\DIR\INSTALL\INSTALL\LEXPLORER.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
LEXPLORER.EXE is known as:
Worm.Rebhip, Trojan.Rbot, Trojan.Injector, Backdoor.Ursap
LEXPLORER.EXE hash:
- MD5: 4b9a61da95506308dba4f9dbd1122d07
- HKLM\Software\Microsoft\Active Setup\Installed Components\{04OHYM65-37FP-1FE4-K76U-0KBA85HM3856}\StubPath: “C:\dir\install\install\lexplorer.EXE”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “C:\dir\install\install\lexplorer.EXE”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost: “C:\dir\install\install\lexplorer.EXE”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “C:\dir\install\install\lexplorer.EXE”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost: “C:\dir\install\install\lexplorer.EXE”
- C:\dir\install\install
- %Appdata%\logs.dat
- %Temp%\UuU.uUu
- %Temp%\XxX.xXx
- C:\dir\install\install\lexplorer.exe
ITUNES_SERVICE86.EXE is Trojan Ransom.Gimemo
The ransom screen locker ITUNES_SERVICE86.EXE is a malicious program. ITUNES_SERVICE86.EXE blocks user access to the computer it infects and demands a ransom payment to unlock it.
Malware Analysis of ITUNES_SERVICE86.EXE
Full path on a computer: %Appdata%\itunes_service86.exe
Detected by RegRun Warrior:
Item Name: shell
Author: Unknown
Related File: %Appdata%\itunes_service86.exe
Type: System.ini
Item Name: UserInit
Author: Unknown
Related File: %Appdata%\itunes_service86.exe,%WinDir%\System32\userinit.exe,
Type: UserInit Value
Item Name: VX5LWxsct4OYCCz
Author: Unknown
Related File: %APPDATA%\ITUNES_SERVICE86.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
ITUNES_SERVICE86.EXE is known as:
Trojan.Ransom.Gimemo, Trojan.Injector, Trojan.LockScreen, Trojan.ABot
ITUNES_SERVICE86.EXE hash:
- MD5: 7944a9eaac350ae8c8a0d2ddfcc07201
- HKLM\Software\Microsoft\Active Setup\Installed Components\{XeJngJXf-ODXg-ffJf-IGRj-b8ZmzFObCacv}\VX5LWxsct4OYCCz: “"%Appdata%\itunes_service86.exe" /ActiveX”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VX5LWxsct4OYCCz: “%Appdata%\itunes_service86.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VX5LWxsct4OYCCz: “%Appdata%\itunes_service86.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “%Appdata%\itunes_service86.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%Appdata%\itunes_service86.exe,%WinDir%\System32\userinit.exe,”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “%Appdata%\itunes_service86.exe”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%Appdata%\itunes_service86.exe,%WinDir%\System32\userinit.exe,”
- %Appdata%\itunes_service86.exe
Worm Stekct
The “Worm_Stekct” is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the “Worm_Stekct” problem as soon as possible!
Delete the “Worm_Stekct” from all infected computers in your network.
Set up your network firewall to guard against “Worm_Stekct” intrusion.
Malware Analysis of “Worm_Stekct”
Full path on a computer: %WinDir%\IQS.EXE
Detected by UnHackMe:
Item Name: Microsoft Firevall Engine
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Registry Run
Item Name: IQS.EXE
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
“Worm_Stekct” is known as:
Worm.Stekct, Worm.Daws, Worm.Multim
“Worm_Stekct” hash:
- MD5: 8fb8586175c88a14efb805c7b427c095
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- %WinDir%\IQS.EXE
IQS.EXE is Worm Stekct
The file IQS.EXE is a computer worm.
The worm IQS.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the IQS.EXE problem as soon as possible!
Delete the file IQS.EXE from all infected computers in your network.
Set up your network firewall to guard against IQS.EXE intrusion.
Malware Analysis of IQS.EXE
Full path on a computer: %WinDir%\IQS.EXE
Detected by UnHackMe:
Item Name: Microsoft Firevall Engine
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Registry Run
Item Name: IQS.EXE
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
IQS.EXE is known as:
Worm.Stekct, Worm.Daws, Worm.Multim
IQS.EXE hash:
- MD5: 8fb8586175c88a14efb805c7b427c095
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- %WinDir%\IQS.EXE
Picture13.JPG_www.facebook.com is Worm Stekct
The file Picture13.JPG_www.facebook.com is a computer worm.
The worm Picture13.JPG_www.facebook.com is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the Picture13.JPG_www.facebook.com problem as soon as possible!
Delete the file Picture13.JPG_www.facebook.com from all infected computers in your network.
Set up your network firewall to guard against Picture13.JPG_www.facebook.com intrusion.
Malware Analysis of Picture13.JPG_www.facebook.com
Full path on a computer: %WinDir%\IQS.EXE
Detected by UnHackMe:
Item Name: Microsoft Firevall Engine
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Registry Run
Item Name: IQS.EXE
Author: Unknown
Related File: %WinDir%\IQS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
Picture13.JPG_www.facebook.com is known as:
Worm.Stekct, Worm.Daws, Worm.Multim
IQS.EXE hash:
- MD5: 8fb8586175c88a14efb805c7b427c095
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\IQS.EXE”
- %WinDir%\IQS.EXE
WINSRV.EXE is Worm Stekct
The file WINSRV.EXE is a computer worm.
The worm WINSRV.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the WINSRV.EXE problem as soon as possible!
Delete the file WINSRV.EXE from all infected computers in your network.
Set up your network firewall to guard against WINSRV.EXE intrusion.
Malware Analysis of WINSRV.EXE
Full path on a computer: %WinDir%\winsrv.exe
Detected by UnHackMe:
Item Name: Microsoft Firevall Engine
Author: Unknown
Related File: %WinDir%\WINSRV.EXE
Type: Registry Run
Item Name: winsrv.exe
Author: Unknown
Related File: %WinDir%\WINSRV.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
WINSRV.EXE is known as:
Worm.Stekct, Worm.Daws, Worm.Multim
WINSRV.EXE hash:
- MD5: 8fb8586175c88a14efb805c7b427c095
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\winsrv.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Firevall Engine: “c:\windows\winsrv.exe”
- %WinDir%\winsrv.exe



