Detected by UnHackMe:

Item Name: MIROSOFT3
Author:
Related File: %SysDir%\misoft.exe
Type: Auto Services

Item Name: misoft.exe
Author: Unknown
Related File: %SYSDIR%\MISOFT.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

MISOFT.EXE is known as:

Adware.IEShow

MISOFT.EXE hash:

• MD5: 7f6ab742a50d60c1d66c399aa4e9552c

Registry:

• HKLM\System\CurrentControlSet\Services\MIROSOFT3\ImagePath: “%SysDir%\misoft.exe”

Files:

• %SysDir%\misoft.exe

Detected by UnHackMe:

Item Name:
Author: Other Company Existence
Related File: %TEMP%\LDATA.EXE
Type: Explorer Run

Removal Results: Success
Number of reboot: 1

LDATA.EXE is known as:

Trojan.StartPage

LDATA.EXE hash:

• MD5: e969aeb58bf616701a67c15b6f2dca01

Registry:

• HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\: “%Temp%\lData.exe -h”

Files:

• %Temp%\lData.exe

Detected by UnHackMe:

Item Name: sysdiag.exe
Author: Unknown
Related File: %WinDir%\SYSDIAG.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1

SYSDIAG.EXE is known as:

Trojan.Jorik

SYSDIAG.EXE hash:

• MD5: 2771fb10be9b288026e6feefe1ef3074

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysdiag.exe: “C:\windows\sysdiag.exe”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sysdiag.exe: “C:\windows\sysdiag.exe”

Files:

• %WinDir%\sysdiag.exe

Detected by UnHackMe:

Item Name: taskman
Author: ScAP1RoOVlWT93BA
Related File: %APPDATA%\JZKV.EXE
Type: Winlogon System

Item Name: jzkv.exe
Author: ScAP1RoOVlWT93BA
Related File: %APPDATA%\JZKV.EXE
Type: Detected using Heuristic Algorithm

Removal Results: Success
Number of reboot: 1

JZKV.EXE is known as:

Worm.Bflient, P2P-Worm.Palevo

JZKV.EXE hash:

• MD5: 7096f95f174ba9b0f0592b78c307f13d

Registry:

• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “%Appdata%\jzkv.exe”

Files:

• %Appdata%\jzkv.exe

Detected by UnHackMe:

Item Name: IMSCMigiiop
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\MIQIHEULP.DLL
Type: Explorer Run

After first reboot detected by UnHackMe:

Item Name: IMSCMigiiop
Author:
Related File: Rundll32.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\miqiheulp.dll,MM
Type: Explorer Run

Removal Results: Success
Number of reboot: 2

MIQIHEULP.DLL is known as:

Backdoor.Cindyc, Trojan.Bumat

MIQIHEULP.DLL hash:

• MD5: 4fd0b60f1c4d21bb5d28e02cd5d14b53

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run\IMSCMigiiop: “Rundll32.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\miqiheulp.dll,MM”
• HKCU\Software\ts\explorer\run\IMSCMigiiop: “Rundll32.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\miqiheulp.dll,MM”

Files:

• %Profile%\Local Settings\miqiheulp.dll
• %Profile%\Local Settings\tmp.bak

Detected by UnHackMe:

Item Name: Explorer
Author: Unknown
Related File: %SYSDIR%\DRIVERS\TXP1ATFORM.EXE
Type: Registry Run

Item Name: TXP1atform.exe
Author: Unknown
Related File: %SYSDIR%\DRIVERS\TXP1ATFORM.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

TXP1ATFORM.EXE is known as:

Worm.Fujack

TXP1ATFORM.EXE hash:

• MD5: 0e6536c110c12e53f0446659bf491fac

Registry:

• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Explorer: “%SysDir%\drivers\TXP1atform.exe”

Files:

• %SysDir%\drivers\TXP1atform.exe
• C:\GK.TMP

Detected by UnHackMe:

Item Name: ctfmon.exe
Author: Unknown
Related File: %SYSDIR%\FEELGOOD.EXE
Type: Image Executions Debugger

Item Name: Windriversrv32
Author:
Related File: %SysDir%\ZJ021702 -start
Type: Auto Services

Removal Results: Success
Number of reboot: 1

FEELGOOD.EXE is known as:

Trojan.Wsgame, Trojan.OnlineGameHack

FEELGOOD.EXE hash:

• MD5: 89cf7e8017c2cf9cecccf9b1e209e0a9

Registry:

• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe\Debugger: “c:\windows\system32\feelgood.exe”
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDRIVERSRV32\0000\Service: “Windriversrv32″
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDRIVERSRV32\0000\DeviceDesc: “WinDriver32″
• HKLM\System\CurrentControlSet\Services\Windriversrv32\ImagePath: “%SysDir%\ZJ021702 -start”
• HKLM\System\CurrentControlSet\Services\Windriversrv32\DisplayName: “WinDriver32″

Files:

• %SysDir%\a18851c8a1f7e2285258b
• %SysDir%\b198b1c4f1f87228b268a2.dll
• %SysDir%\b47ba4aaf4ec251c654c457c
• %SysDir%\e36a339a73d6b40a443af46b2.dll
• %SysDir%\feelgood.exe
• %SysDir%\sgg.css
• %SysDir%\ZJ021702

Detected by UnHackMe:

Item Name: Ghijkl Nopqrstu Wxy
Author: ?????????????
Related File: %TEMP%\QHIJKLMNO.BMP
Type: Svchost DLLs

Removal Results: Success
Number of reboot: 1

QHIJKLMNO.BMP is known as:

Backdoor.Dedipros

QHIJKLMNO.BMP hash:

• MD5: 37962a176aed23a2befbb65bbf8e95cb

Registry:

• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_GHIJKL_NOPQRSTU_WXY\0000\Service: “Ghijkl Nopqrstu Wxy”
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_GHIJKL_NOPQRSTU_WXY\0000\DeviceDesc: “Ghijkl Nopqrstu Wxyabcde Ghij”
• HKLM\System\CurrentControlSet\Services\Ghijkl Nopqrstu Wxy\Parameters\ServiceDll: “%Temp%\Qhijklmno.bmp”
• HKLM\System\CurrentControlSet\Services\Ghijkl Nopqrstu Wxy\DisplayName: “Ghijkl Nopqrstu Wxyabcde Ghij”
• HKLM\System\CurrentControlSet\Services\Ghijkl Nopqrstu Wxy\Description: “Ghijklmn Pqrstuvwx Abcdefg Ijklmnop Rst”

Files:

• %Temp%\Qhijklmno.bmp

Detected by UnHackMe:

Item Name: java
Author: Sun Microsystems, Inc.
Related File: %APPDATA%\JAVA08_02.EXE
Type: Explorer Run

Item Name: {BBC0CCDA-FAEA-CDBB-AAD2-E9DFEDA8BBC3}
Author:
Related File: %APPDATA%\JAVA08_02.EXE
Type: ActiveSetup

Item Name: java08_02.exe
Author:
Related File: %APPDATA%\JAVA08_02.EXE
Type: Detected using Heuristic Algorithm

Removal Results: Success
Number of reboot: 1

JAVA08_02.EXE is known as:

Backdoor.DarkHole

JAVA08_02.EXE hash:

• MD5: 0781e3c1b2cc979cc5b74487d2bc305e

Registry:

• HKLM\Software\Microsoft\Active Setup\Installed Components\{BBC0CCDA-FAEA-CDBB-AAD2-E9DFEDA8BBC3}\StubPath: “%Appdata%\java08_02.exe”
• HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\java: “%Appdata%\java08_02.exe”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\java: “%Appdata%\java08_02.exe”
• HKCU\Software\Microsoft\Active Setup\Installed Components\{BBC0CCDA-FAEA-CDBB-AAD2-E9DFEDA8BBC3}\StubPath: “%Appdata%\java08_02.exe”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\java: “%Appdata%\java08_02.exe”

Files:

• %Appdata%\java08_02
• %Appdata%\java08_02.exe

Detected by UnHackMe:

Item Name: DSLserverrss
Author:
Related File: %SysDir%\tgvbgq.exe
Type: Auto Services

Item Name: tgvbgq.exe
Author: Unknown
Related File: %SYSDIR%\TGVBGQ.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

TGVBGQ.EXE is known as:

Trojan.ServStart, Trojan.Nitol

TGVBGQ.EXE hash:

• MD5: dda92b696495c82c0d35a9e9ffbaa245

Registry:

• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DSLSERVERRSS\0000\Service: “DSLserverrss”
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DSLSERVERRSS\0000\DeviceDesc: “DCOM Serverfop Process Launcher.”
• HKLM\System\CurrentControlSet\Services\DSLserverrss\ImagePath: “%SysDir%\tgvbgq.exe”
• HKLM\System\CurrentControlSet\Services\DSLserverrss\DisplayName: “DCOM Serverfop Process Launcher.”
• HKLM\System\CurrentControlSet\Services\DSLserverrss\Description: “DCOM Serverohe Process Launcher..”

Files:

• %SysDir%\tgvbgq.exe

Detected by UnHackMe:

RESERVERESET.EXE
Default location: %WinDir%\reservereset.exe

Removal Results: Success
Number of reboot: 1

RESERVERESET.EXE is known as:

Adware.Kraddare

RESERVERESET.EXE hash:

• MD5: 6bacdd920face7b9700a7a1a98c0c0cf

Registry:

• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_BEST-PC_UPDATE_SERVICE\0000\Service: “best-pc Update Service”
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_BEST-PC_UPDATE_SERVICE\0000\DeviceDesc: “best-pc Support Service”
• HKLM\System\CurrentControlSet\Services\best-pc Update Service\ImagePath: “”%WinDir%\reservereset.exe” /update”
• HKLM\System\CurrentControlSet\Services\best-pc Update Service\DisplayName: “best-pc Support Service”

Files:

• %Program Files%\best-pc\best-pcU.exe
• %WinDir%\reservereset.dat
• %WinDir%\reservereset.exe

Detected by UnHackMe:

EGACCESS4_1071.DLL
Default location: HKLM\Software\Classes\CLSID\{413E282B-C32A-4717-A0F3-4F2E6FE25F83}\InprocServer32\: “%SysDir%\egaccess4_1071.dll”

Removal Results: Success
Number of reboot: 1

EGACCESS4_1071.DLL is known as:

Adware.NaviPromo, Trojan.Dialer, Trojan.Wintrim, Trojan.EgroupDial

EGACCESS4_1071.DLL hash:

• MD5: b83f652ffa76451ae438954f89c02f62

Registry:

• HKLM\Software\Classes\CLSID\{413E282B-C32A-4717-A0F3-4F2E6FE25F83}\InprocServer32\: “%SysDir%\egaccess4_1071.dll”

Folders:

• %Program Files%\Instant Access\Multi

Files:

• %Program Files%\Instant Access\Multi\20100624020631\instant access.exe
• %SysDir%\egaccess4_1071.dll
• %WinDir%\iaccess32.exe
• %WinDir%\tmlpcert2007

After first reboot detected by UnHackMe:

Item Name: TJB Start
Author: Unknown
Related File: %SYSDIR%\IAYCFY\TJB.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 2

TJB.EXE is known as:

KeyLogger.Ardamax

TJB.EXE hash:

• MD5: 3cd29c0df98a7aeb69a9692843ca3edb

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TJB Start: “%SysDir%\IAYCFY\TJB.exe”

Folders:

• %SysDir%\IAYCFY

Files:

• %SysDir%\IAYCFY\TJB.001
• %SysDir%\IAYCFY\TJB.002
• %SysDir%\IAYCFY\TJB.004
• %SysDir%\IAYCFY\TJB.exe

Detected by UnHackMe:

Item Name: TDL4.3
Author: Unknown
Related File:
Type: Devices in Memory

Detected by RegRun Warrior:

Item Name: regedit.exe
Author: Unknown
Related File: %APPDATA%\PROTECTOR-NBV.EXE
Type: Image Executions Debugger

Item Name: taskmgr.exe
Author: Unknown
Related File: %APPDATA%\PROTECTOR-NBV.EXE
Type: Image Executions Debugger

Item Name: Inspector
Author: Unknown
Related File: %APPDATA%\PROTECTOR-NBV.EXE
Type: Registry Run

PROTECTOR-NBV.EXE
Default location:

Removal Results: Success
Number of reboot: 1

PROTECTOR-NBV.EXE is known as:

FakeAV.WindowsSmartWarden

PROTECTOR-NBV.EXE hash:

• MD5: 0d49357f968a80cd7b7e51693f9939ae

Registry:

• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector: “%Appdata%\Protector-nbv.exe”

Files:

• %Appdata%\Protector-nbv.exe
• %Appdata%\result.db
• %Desktop%\Windows Smart Warden.lnk
• %Temp%\1.tmp
• %Common Startmenu%\Programs\Windows Smart Warden.lnk

Detected by UnHackMe:

Item Name: cft_mon
Author: Unknown
Related File: C:\RECYCLER\CFT_MON.EXE
Type: Registry Run

Item Name: cft_mon.exe
Author: Unknown
Related File: C:\RECYCLER\CFT_MON.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

CFT_MON.EXE is known as:

Worm.Autorun, Trojan.HDC

CFT_MON.EXE hash:

• MD5: 6bb30b0814ce541ed32094f98667a92f

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cft_mon: “”C:\RECYCLER\cft_mon.exe”"

Files:

• C:\RECYCLER\cft_mon.exe

Detected by UnHackMe:

Item Name: 6to4
Author:
Related File: %WinDir%\6TO4BEAS.DAT
Type: Svchost DLLs

Removal Results: Success
Number of reboot: 1

6TO4BEAS.DAT is known as:

Backdoor.Zegost

6TO4BEAS.DAT hash:

• MD5: 4f4aafd572114950f17e72c0edf0d103

Registry:

• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\DeviceDesc: “zremote network & conctrol servicae207″
• HKLM\System\CurrentControlSet\Services\6to4\Parameters\ServiceDll: “%WinDir%\6to4beas.dat”
• HKLM\System\CurrentControlSet\Services\6to4\Parameters\ServiceMain: “Beat3″
• HKLM\System\CurrentControlSet\Services\6to4\DisplayName: “zremote network & conctrol servicae207″
• HKLM\System\CurrentControlSet\Services\6to4\Description: “Windows Update network Servicae207″

Files:

• %WinDir%\6to4beas.dat

Detected by UnHackMe:

Item Name: taskman
Author: Unknown
Related File: %PROFILE%\MSCDCX.EXE
Type: Winlogon System

Item Name: mscdcx.exe
Author: Unknown
Related File: %PROFILE%\MSCDCX.EXE
Type: Detected using Heuristic Algorithm

Removal Results: Success
Number of reboot: 1

MSCDCX.EXE is known as:

Trojan.Rimecud, Trojan.Pilleuz, P2P-Worm.Palevo

MSCDCX.EXE hash:

• MD5: 44a2cb0192ad58e96337bb50b0086644

Registry:

• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “%Profile%\mscdcx.exe”

Files:

• %Profile%\mscdcx.exe

Detected by UnHackMe:

ANIMAL-XXX-MOVIE.AVI.EXE
Default location: %Temp%\animal-xxx-movie.avi.exe

Removal Results: Success
Number of reboot: 1

ANIMAL-XXX-MOVIE.AVI.EXE is known as:

Trojan.Obfuscator

ANIMAL-XXX-MOVIE.AVI.EXE hash:

• MD5: 3bf0eeef99cff96c4a773e8051dc2ca2

Registry:

• HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\AVSE: “%Temp%\animal-xxx-movie.avi.exe /cs:1 ”

Files:

• %Temp%\animal-xxx-movie.avi.exe
• %Temp%\Setup.exe
• %Common Appdata%\69cb8a\AV69c_8061.exe

Detected by UnHackMe:

SEARCH_ON.DLL
Default location: %Program Files%\search On\search_on.dll

Removal Results: Success
Number of reboot: 1

SEARCH_ON.DLL is known as:

Adware.SearchOn, Adware.BHO

SEARCH_ON.DLL hash:

• MD5: 67ab83c2e9c23b5dd6f3e9824e3bd295

Files:

• %Program Files%\search On\searchon.exe
• %Program Files%\search On\search_on.dll
• %Program Files%\SearchOn\delex.exe
• %Program Files%\SearchOn\gsobho.dll
• %Program Files%\SearchOn\gsoupdater.exe
• %Program Files%\SearchOn\SearchOnInstall158(gamesum2).exe

Detected by UnHackMe:

SEARCHON.EXE
Default location: %Program Files%\search On\searchon.exe

Removal Results: Success
Number of reboot: 1

SEARCHON.EXE is known as:

Trojan.ADH, Adware.Searcher, Adware.MiniSearch

SEARCHON.EXE hash:

• MD5: 0304425cd0c0b7c8154dc6f742d94515

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\search On: “”%Program Files%\search On\searchon.exe”"

Folders:

• %Program Files%\search On
• %Program Files%\SearchOn

Files:

• %Program Files%\search On\searchon.exe
• %Program Files%\search On\search_on.dll
• %Program Files%\SearchOn\delex.exe
• %Program Files%\SearchOn\gsobho.dll
• %Program Files%\SearchOn\gsoupdater.exe
• %Program Files%\SearchOn\SearchOnInstall158(gamesum2).exe

Detected by UnHackMe:

Item Name: Adobe Gamma Loader.com
Author: Unknown
Related File: %STARTUP%\ADOBE GAMMA LOADER.COM
Type: Startup Folder

Removal Results: Success
Number of reboot: 1

ADOBE GAMMA LOADER.COM is known as:

Worm.Autorun, Trojan.Obfuscated

Remove it now!

SAFEMON.DLL is Trojan Magania

We checked up the file SAFEMON.DLL and found it hazardous.
The file SAFEMON.DLL must be deleted from the system immediately.
Kill the process SAFEMON.DLL and remove SAFEMON.DLL from the Windows startup.

Malware Analysis of SAFEMON.DLL
Full path on a computer: %SysDir%\safemon.dll

How to quickly detect SAFEMON.DLL presence?

Registry:

• HKLM\Software\Classes\CLSID\{D36F9CA2-788F-42DE-A627-9E6EF40D8475}\InprocServer32\: “%SysDir%\safemon.dll”
• HKLM\Software\Classes\TypeLib\{D36F9CA8-788F-42DE-A627-9E6EF40D8475}\1.0\0\win32\: “%SysDir%\safemon.dll”

Files:

• %Temp%\2012211114615.dll
• %SysDir%\safemon.dll
• %SysDir%\versionQQ.dll

Remove it now!

DTUVWXYAB.JPG is Backdoor Farfli

The program DTUVWXYAB.JPG is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with DTUVWXYAB.JPG.
Download for free: http://www.unhackme.com

Malware Analysis of DTUVWXYAB.JPG
Full path on a computer: %Program Files%\Xtuv\Dtuvwxyab.jpg

How to quickly detect DTUVWXYAB.JPG presence?

Registry:

• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_STUVWX_ABCDEFGH_JKL\0000\Service: “Stuvwx Abcdefgh Jkl”
• HKLM\System\CurrentControlSet\Enum\Root\LEGACY_STUVWX_ABCDEFGH_JKL\0000\DeviceDesc: “Stuvwx Abcdefgh Jklmnopq Stuv”
• HKLM\System\CurrentControlSet\Services\Stuvwx Abcdefgh Jkl\Parameters\ServiceDll: “%Program Files%\Xtuv\Dtuvwxyab.jpg”
• HKLM\System\CurrentControlSet\Services\Stuvwx Abcdefgh Jkl\DisplayName: “Stuvwx Abcdefgh Jklmnopq Stuv”
• HKLM\System\CurrentControlSet\Services\Stuvwx Abcdefgh Jkl\Description: “Stuvwxya Cdefghijk Mnopqrs Uvwxyabc Efg”

Files:

• C:\Documents and Settings\temp.gif
• C:\Documents and Settings\temp2.gif
• %Program Files%\Xtuv\Dtuvwxyab.jpg

Remove it now!

DRIVER32.EXE is Trojan Injector

The file DRIVER32.EXE is identified as a virus dropper.
The dropper DRIVER32.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file DRIVER32.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the DRIVER32.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the DRIVER32.EXE process and delete the file DRIVER32.EXE.

Malware Analysis of DRIVER32.EXE
Full path on a computer: %Appdata%\updater\driver32.exe

How to quickly detect DRIVER32.EXE presence?

Registry:

• HKLM\Software\Microsoft\Active Setup\Installed Components\{8DBCACFF-DA3C-B1A9-DBD3-3EB8D6C1F5FB}\StubPath: “%Appdata%\updater\driver32.exe”
• HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Win32Updater_: “%Appdata%\updater\driver32.exe”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32Updater_: “%Appdata%\updater\driver32.exe”

Folders:

• %Appdata%\updater

Files:

• %Appdata%\updater\driver32.exe
• %Appdata%\updater\logg

Remove it now!

ROHITGHATOOL.DLL is Trojan Grobim

The file ROHITGHATOOL.DLL is malware related.
You must delete the file ROHITGHATOOL.DLL immediately!
Delete the file ROHITGHATOOL.DLL without delay!
Kill the process ROHITGHATOOL.DLL and remove ROHITGHATOOL.DLL from the Windows startup.

Malware Analysis of ROHITGHATOOL.DLL
Full path on a computer: %Program Files%\rohitghatool\rohitghatool.dll

How to quickly detect ROHITGHATOOL.DLL presence?

Registry:

• HKLM\System\CurrentControlSet\Services\rohitghatool\Parameters\ServiceDll: “%Program Files%\rohitghatool\rohitghatool.dll”

Folders:

• %Appdata%\aidtkcgdd
• %Appdata%\aipansaka
• %Appdata%\akcbls7jxjd
• %Appdata%\egowtsjhe
• %Program Files%\rohitghatool

Files:

• %Appdata%\aidtkcgdd\aidtkcgdd.exe
• %Appdata%\aipansaka\aipansaka.exe
• %Appdata%\akcbls7jxjd\akcbls7jxjd.exe
• %Appdata%\egowtsjhe\egowtsjhe.exe
• %Appdata%\rohitghatool.exe
• %Program Files%\rohitghatool\rohitghatool.dll

Remove it now!

AIPANSAKA.EXE is Trojan Patched

Is the file AIPANSAKA.EXE located on your computer? Then your computer is infected.
We do suggest you should remove AIPANSAKA.EXE from your computer as soon as possible.
AIPANSAKA.EXE is Trojan/Backdoor.
Kill the process AIPANSAKA.EXE and remove AIPANSAKA.EXE from the Windows startup.

Malware Analysis of AIPANSAKA.EXE
Full path on a computer: %Appdata%\aipansaka\aipansaka.exe

How to quickly detect AIPANSAKA.EXE presence?

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aipansaka: “%Appdata%\aipansaka\aipansaka.exe”

Folders:

• %Appdata%\aidtkcgdd
• %Appdata%\aipansaka
• %Appdata%\akcbls7jxjd
• %Appdata%\egowtsjhe
• %Program Files%\rohitghatool

Files:

• %Appdata%\aidtkcgdd\aidtkcgdd.exe
• %Appdata%\aipansaka\aipansaka.exe
• %Appdata%\akcbls7jxjd\akcbls7jxjd.exe
• %Appdata%\egowtsjhe\egowtsjhe.exe
• %Appdata%\rohitghatool.exe
• %Program Files%\rohitghatool\rohitghatool.dll

Remove it now!

AIDTKCGDD.EXE is Trojan Grobim

We checked up the file AIDTKCGDD.EXE and found it hazardous.
The file AIDTKCGDD.EXE must be deleted from the system immediately.
Kill the process AIDTKCGDD.EXE and remove AIDTKCGDD.EXE from the Windows startup.

Malware Analysis of AIDTKCGDD.EXE
Full path on a computer: %Appdata%\aidtkcgdd\aidtkcgdd.exe

How to quickly detect AIDTKCGDD.EXE presence?

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aidtkcgdd: “%Appdata%\aidtkcgdd\aidtkcgdd.exe”

Folders:

• %Appdata%\aidtkcgdd
• %Appdata%\aipansaka
• %Appdata%\akcbls7jxjd
• %Appdata%\egowtsjhe
• %Program Files%\rohitghatool

Files:

• %Appdata%\aidtkcgdd\aidtkcgdd.exe
• %Appdata%\aipansaka\aipansaka.exe
• %Appdata%\akcbls7jxjd\akcbls7jxjd.exe
• %Appdata%\egowtsjhe\egowtsjhe.exe
• %Appdata%\rohitghatool.exe
• %Program Files%\rohitghatool\rohitghatool.dll

Remove it now!

ROHITGHATOOL.EXE is Trojan Grobim

The file ROHITGHATOOL.EXE is identified as a virus dropper.
The dropper ROHITGHATOOL.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file ROHITGHATOOL.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the ROHITGHATOOL.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the ROHITGHATOOL.EXE process and delete the file ROHITGHATOOL.EXE.

Malware Analysis of ROHITGHATOOL.EXE
Full path on a computer: %Appdata%\rohitghatool.exe

How to quickly detect ROHITGHATOOL.EXE presence?

Folders:

• %Appdata%\aidtkcgdd
• %Appdata%\aipansaka
• %Appdata%\akcbls7jxjd
• %Appdata%\egowtsjhe
• %Program Files%\rohitghatool

Files:

• %Appdata%\aidtkcgdd\aidtkcgdd.exe
• %Appdata%\aipansaka\aipansaka.exe
• %Appdata%\akcbls7jxjd\akcbls7jxjd.exe
• %Appdata%\egowtsjhe\egowtsjhe.exe
• %Appdata%\rohitghatool.exe
• %Program Files%\rohitghatool\rohitghatool.dll

Remove it now!

9C42534D.DLL is AdWare EZula

We received the file 9C42534D.DLL and detected that 9C42534D.DLL is not good.
9C42534D.DLL is Adware. You should remove the file 9C42534D.DLL.
Kill the process 9C42534D.DLL and remove 9C42534D.DLL from Windows.

Malware Analysis of 9C42534D.DLL
Full path on a computer: %Program Files%\Mozilla Firefox\extensions\{9bcefbf0-4a9f-9bf1-d18a-f468f3a56ff9}\components\9c42534d.dll

How to quickly detect 9C42534D.DLL presence?

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\a40cdbe6\DisplayName: “Contextual Tool Advertzilla”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\a40cdbe6\UninstallString: “%SysDir%\a40cdbe6.exe”

Folders:

• %Program Files%\Mozilla Firefox\extensions\{9bcefbf0-4a9f-9bf1-d18a-f468f3a56ff9}\components

Files:

• %Program Files%\Mozilla Firefox\extensions\{9bcefbf0-4a9f-9bf1-d18a-f468f3a56ff9}\chrome.manifest
• %Program Files%\Mozilla Firefox\extensions\{9bcefbf0-4a9f-9bf1-d18a-f468f3a56ff9}\components\9c42534d.dll
• %Program Files%\Mozilla Firefox\extensions\{9bcefbf0-4a9f-9bf1-d18a-f468f3a56ff9}\install.rdf
• %SysDir%\90e8a133.dll
• %SysDir%\a40cdbe6.exe

Remove it now!

SECURITY MONITOR.EXE is FakeAV SecurityMonitor2012

The file SECURITY MONITOR.EXE is a part of Fake Antiviral software.
You must delete the file SECURITY MONITOR.EXE immediately!
Delete the file SECURITY MONITOR.EXE without delay!
Kill the process SECURITY MONITOR.EXE and remove SECURITY MONITOR.EXE from the Windows startup.

Malware Analysis of SECURITY MONITOR.EXE
Full path on a computer: %Appdata%\Security Monitor 2012\Security Monitor.exe

How to quickly detect SECURITY MONITOR.EXE presence?

Registry:

• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Security Monitor 2012: “”%Appdata%\Security Monitor 2012\Security Monitor.exe” /STARTUP”

Folders:

• %Appdata%\Security Monitor 2012
• %Programs%\Security Monitor 2012

Files:

• %Appdata%\Security Monitor 2012\Security Monitor.exe
• %Appdata%\Security Monitor 2012\securityhelper.exe
• %Appdata%\Security Monitor 2012\securitymanager.exe

Remove it now!

Next Page »

• Greatis Software

  • Free Download
  • Send a file

• AverScanner

  AverScaner- EveryDay Malware Scan

• Testimonials

  People say

  Greg

  I spent over 10 hours trying to manually hunt down and remove a rootkit and browser hijacker from my computer. That was a mistake!

  This virus/malware could not be removed by Norton, ZoneLabs, MS Essentials; etc.

  In about 1 hour, I was able to download your software, create the CD-ROM, watch the instruction video and kill 3 ROOKITS from my PC. (Your software hunted down the rootkits and killed them like Spetsnaz going after the enemy!) Get it!

  Joseph

  Your product is the only one on the market that has found and removed rootkits from my system, three rootkits to be precise. I have used other products but they don't measure up to UnHackMe.

  Bob

  The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

  Click Here to Update All your PC's Outdated drivers

• Categories

  • Adware
  • Backdoor
  • Fake Driver-Codec
  • Fake System Tool
  • FakeAV
  • KeyLogger]>
  • Locker
  • Malware
  • Malware Domain
  • Not-a-Virus
  • Rootkit
  • unknown
  • Virus
  • Worm

• Recent Posts

  • MISOFT.EXE is Adware IEShow
  • LDATA.EXE is Trojan StartPage
  • SYSDIAG.EXE is Trojan Jorik
  • JZKV.EXE is Worm Bflient
  • MIQIHEULP.DLL is Backdoor Cindyc
  • TXP1ATFORM.EXE is Worm Fujack
  • FEELGOOD.EXE is Trojan Wsgame
  • QHIJKLMNO.BMP is Backdoor Dedipros
  • JAVA08_02.EXE is Backdoor DarkHole
  • TGVBGQ.EXE is Trojan ServStart

• 
• Remember: the best way to remove rootkits is from the outside!

  

• Blogroll

  • RegRun Security Suite. Detects and removes rootkits/malware/adware that your antivirus could not.
  • RegRun Warrior – Removing rootkits is best done from the outside!
  • UnHackMe – rootkit & malware killer

• Popular

  1. 1%INETACCELERATOR.EXE is Trojan Foreign
  2. 1%_EX-68.EXE is Trojan Banload
  3. 1%QUESTBASIC.EXE is AdWare AdLoad
  4. 1%MVSCAVAP.EXE is Trojan Banker6
  5. 1%STKSCAN.DLL is Trojan Sirefef.BP
  6. 1%TOSPORTE.DLL is Trojan Sirefef.BP
  7. 1%MRTSTUB.EXE is Trojan Banker
  8. 1%CLISECURERT.DLL is Trojan Reendup
  9. 1%FACEBOOKUPDATE.EXE is Trojan Starter
  10. 1%HDAUDBUS.DLL is Rootkit ZeroAccess
  11. 1%MSDUBMN.BAT is Worm Gamarue
  12. 1%XUAT.EXE is Trojan Rimecud
  13. 1%MTEFQ2.EXE is Trojan Swizzor
  14. 1%SCANEXPLICIT.DLL is Trojan Sirefef
  15. 1%OTYTKF.EXE is Worm Palevo
  16. 1%4EBARSVC.EXE is Adware FunWeb
  17. 1%KNYXI.EXE is Worm Palevo
  18. 1%SVCXDCL32_V.DLL is Trojan ZBot
  19. 1%SVV.DLL is Rootkit ZeroAccess
  20. 1%PCDRNT.DLL is Rootkit ZeroAccess

• Tags

  3308c706 Adware Agent Ainslot ATAPI.SYS AutoRun autorun.inf Backdoor Bancos Banker Banload BHO Bifrose Buzus Darkbot Delf Fake AntiVirus FakeAV Injector IRCBot Jorik KeyLogger Kraddare lsass.exe Malware Domain Oficla OnLineGames Palevo Rebhip Rootkit Scar services.exe SpyEye svchost.exe Taterf TDSS Trojan VB VBInject VBKrypt Virus Votwup winlogon.exe Worm ZeroAccess