CASTING.DLL is Trojan Click
We checked the file CASTING.DLL and found it hazardous.
The file CASTING.DLL must be deleted from the system immediately.
Kill the process CASTING.DLL and remove CASTING.DLL from the Windows startup.
Malware Analysis of CASTING.DLL
Full path on a computer: %WINDIR%\CASTING.DLL
Detected by UnHackMe:
CASTING.DLL
Default location: %WINDIR%\CASTING.DLL
Removal Results: Success
Number of reboot: 1
CASTING.DLL is known as:
Trojan Click
- %PROFILE%\ALPHAF.DLL
- %WINDIR%\CASTING.DLL
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\NOTIFY[1].PHP
- %PROFILE%\TMP.VBE
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
TNT2USER.EXE is Trojan Barys
We checked some samples of TNT2USER.EXE and detected the file TNT2USER.EXE as a threat.
Remove the TNT2USER.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of TNT2USER.EXE
Full path on a computer: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
Detected by UnHackMe:
TNT2USER.EXE
Default location: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
Removal Results: Success
Number of reboot: 1
TNT2USER.EXE is known as:
Trojan.Barys
TNT2USER.EXE hash:
- MD5: c89c47f425982d3d5100857af83939c1
- HKLM\Software\Classes\xmlfile\shell\Open\command\: ""%Program Files%\Internet Explorer\IEXPLORE.EXE" -nohome"
- HKLM\Software\Classes\xslfile\shell\Open\command\: ""%Program Files%\Internet Explorer\IEXPLORE.EXE" -nohome"
- %Local Appdata%\TNT2
- %Local Appdata%\TNT2\2.0.0.1534
- %Local Appdata%\TNT2\2.0.0.1534\Autorun.inf
- %Local Appdata%\TNT2\2.0.0.1534\crx.tar
- %Local Appdata%\TNT2\2.0.0.1534\ffassist.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT
- %Local Appdata%\TNT2\2.0.0.1534\hmac.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\ie8starter.exe
- %Local Appdata%\TNT2\2.0.0.1534\iehpr.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\iestage2.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\IEToolbar.dll
- %Local Appdata%\TNT2\2.0.0.1534\IEToolbar64.dll
- %Local Appdata%\TNT2\2.0.0.1534\INSTALL.TNT
- %Local Appdata%\TNT2\2.0.0.1534\log.dll
- %Local Appdata%\TNT2\2.0.0.1534\npTNT2.dll
- %Local Appdata%\TNT2\2.0.0.1534\npTNT2Ghost.dll
- %Local Appdata%\TNT2\2.0.0.1534\OldStyleSB.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\PARTNER.TNT
- %Local Appdata%\TNT2\2.0.0.1534\passport.dll
- %Local Appdata%\TNT2\2.0.0.1534\passport64.dll
- %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch.htm
- %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm
- %Local Appdata%\TNT2\2.0.0.1534\progress.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\regsvr.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\RemoteSkin.wms
- %Local Appdata%\TNT2\2.0.0.1534\sqlite.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\tnt2chrome.dll
- %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
- %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS.dll
- %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS64.dll
- %Local Appdata%\TNT2\2.0.0.1534\TntMagicDel.dll
- %Local Appdata%\TNT2\2.0.0.1534\UnInjLib.dll
- %Local Appdata%\TNT2\2.0.0.1534\UnInjLib64.dll
- %Local Appdata%\TNT2\2.0.0.1534\UNINSTALL.TNT
- %Local Appdata%\TNT2\2.0.0.1534\UninstallDlg.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\untar.1.dll
- %Local Appdata%\TNT2\2.0.0.1534\UPDATE.TNT
- %Local Appdata%\TNT2\2.0.0.1534\xpi.tar
- %Local Appdata%\TNT2\2.0.0.1534\zipunzip.1.dll
WMINIT.EXE is Trojan Downloader
The file WMINIT.EXE is malware related.
You must delete the file WMINIT.EXE immediately!
Delete the file WMINIT.EXE without delay!
Kill the process WMINIT.EXE and remove WMINIT.EXE from the Windows startup.
Malware Analysis of WMINIT.EXE
Full path on a computer: %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE
Detected by UnHackMe:
WMINIT.EXE
Default location: %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE
Removal Results: Success
Number of reboot: 1
WMINIT.EXE is known as:
Trojan Downloader
- %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE
- %PROGRAM FILES COMMON%\SYSTEM\WMINIT.DAT
WINXPKEY.EXE is Trojan Downloader
We checked some samples of WINXPKEY.EXE and detected the file WINXPKEY.EXE as a threat.
Remove the WINXPKEY.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WINXPKEY.EXE
Full path on a computer: %SYSTEMDRIVE%\WINXPKEY.EXE
Detected by UnHackMe:
WINXPKEY.EXE
Default location: %SYSTEMDRIVE%\WINXPKEY.EXE
Removal Results: Success
Number of reboot: 1
WINXPKEY.EXE is known as:
Trojan Downloader
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\H7H36D8000212102120102010210[1].PAC
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\GERAR[1].PHP
- %SYSTEMDRIVE%\MYINFECT.KEY
- %SYSTEMDRIVE%\WINXPKEY.EXE
SIMPDATA.TLB is Trojan Killfiles
The file SIMPDATA.TLB is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete SIMPDATA.TLB, we suggest using UnHackMe:
http://www.unhackme.com
Malware Analysis of SIMPDATA.TLB
Full path on a computer: %WINDIR%\WIN7\SIMPDATA.TLB
Detected by UnHackMe:
SIMPDATA.TLB
Default location: %WINDIR%\WIN7\SIMPDATA.TLB
Removal Results: Success
Number of reboot: 1
SIMPDATA.TLB is known as:
Trojan.Killfiles
- %WINDIR%\WIN7\MSPRIVS.DLL
- %WINDIR%\WIN7\MSMMSP.DLL
- %WINDIR%\WIN7\MSRLE32.DLL
- %WINDIR%\WIN7\MSRALEGACY.TLB
- %WINDIR%\WIN7\SIMPDATA.TLB
PRIMNOG.DLL is Trojan Downloader
The file PRIMNOG.DLL is identified as a virus dropper.
The dropper PRIMNOG.DLL is used for downloading and installing other malware, Trojans, and viruses on commands received from the Command Center.
The file PRIMNOG.DLL loads into the computer's memory and tries to connect to a dangerous web site.
Usually the PRIMNOG.DLL dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the PRIMNOG.DLL process and delete the file PRIMNOG.DLL.
Malware Analysis of PRIMNOG.DLL
Full path on a computer: %LOCAL APPDATA%\PRIMNOG.DLL
Detected by UnHackMe:
PRIMNOG.DLL
Default location: %LOCAL APPDATA%\PRIMNOG.DLL
Removal Results: Success
Number of reboot: 1
PRIMNOG.DLL is known as:
Trojan Downloader
- %LOCAL APPDATA%\PRIMNOG.DLL
NOIR.ART is Trojan Siggen
We checked the file NOIR.ART and found it hazardous.
The file NOIR.ART must be deleted from the system immediately.
Kill the process NOIR.ART and remove NOIR.ART from the Windows startup.
Malware Analysis of NOIR.ART
Full path on a computer: %TEMP%\NOIR.ART
Detected by UnHackMe:
NOIR.ART
Default location: %TEMP%\NOIR.ART
Removal Results: Success
Number of reboot: 1
NOIR.ART is known as:
Trojan Siggen
- %TEMP%\NOIR.ART
- %TEMP%\AUT1.TMP
MINERDINSTALL.EXE is Trojan Downloader
The file MINERDINSTALL.EXE can destroy your system, causing the computer to work abnormally.
MINERDINSTALL.EXE is a dangerous file.
Remove MINERDINSTALL.EXE from your computer immediately.
Kill the process MINERDINSTALL.EXE and remove MINERDINSTALL.EXE from the Windows startup.
Malware Analysis of MINERDINSTALL.EXE
Full path on a computer: %TEMP%\RARSFX0\MINERDINSTALL.EXE
Detected by UnHackMe:
MINERDINSTALL.EXE
Default location: %TEMP%\RARSFX0\MINERDINSTALL.EXE
Removal Results: Success
Number of reboot: 1
MINERDINSTALL.EXE is known as:
Trojan Downloader
- %PROGRAMFILES%\MINER\LIBCURL-4.DLL
- %PROGRAMFILES%\MINER\LIBCURL.DLL
- %PROGRAMFILES%\MINER\LIBEAY32.DLL
- %PROGRAMFILES%\MINER\MINERDUNINSTALL.EXE
- %TEMP%\RARSFX0\MINERDINSTALL.EXE
INS64.EXE is Trojan Downloader
We checked the file INS64.EXE and found it hazardous.
The file INS64.EXE must be deleted from the system immediately.
Kill the process INS64.EXE and remove INS64.EXE from the Windows startup.
Malware Analysis of INS64.EXE
Full path on a computer: %TEMP%\INS\INS64.EXE
Detected by UnHackMe:
INS64.EXE
Default location: %TEMP%\INS\INS64.EXE
Removal Results: Success
Number of reboot: 1
INS64.EXE is known as:
Trojan Downloader
- %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\24.ICO
- %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\23.ICO
- %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\27.ICO
- %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\3.ICO
- %TEMP%\INS\INS64.EXE
IASS.EXE is Trojan MulDrop4
Is the file IASS.EXE located on your computer? Then your computer is infected.
We suggest you remove IASS.EXE from your computer as soon as possible.
IASS.EXE is Trojan/Backdoor.
Kill the process IASS.EXE and remove IASS.EXE from the Windows startup.
Malware Analysis of IASS.EXE
Full path on a computer: %SYSDIR%\IASS.EXE
Detected by UnHackMe:
IASS.EXE
Default location: %SYSDIR%\IASS.EXE
Removal Results: Success
Number of reboot: 1
IASS.EXE is known as:
Trojan MulDrop4
- \XPDLL.DLL
- %SYSDIR%\IASS.EXE
GXTHLDY.DLL is Trojan AVKill
The file GXTHLDY.DLL is malware related.
You must delete the file GXTHLDY.DLL immediately!
Delete the file GXTHLDY.DLL without delay!
Kill the process GXTHLDY.DLL and remove GXTHLDY.DLL from the Windows startup.
Malware Analysis of GXTHLDY.DLL
Full path on a computer: %TEMP%\GXTHLDY\GXTHLDY.DLL
Detected by UnHackMe:
GXTHLDY.DLL
Default location: %TEMP%\GXTHLDY\GXTHLDY.DLL
Removal Results: Success
Number of reboot: 1
GXTHLDY.DLL is known as:
Trojan AVKill
- %LOCAL APPDATA%\MOZILLA\MOZILLA\GXTHLDY.DLL
- %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CJACMYCNQJ@CJACMYCNQJ.ORG.XPI
- %TEMP%\GXTHLDY\GXTHLDY.DLL
- %TEMP%\NSF2.TMP
GOOGLEWORD.EXE is under review
GOOGLEWORD.EXE is unknown, probably legitimate.
If the file GOOGLEWORD.EXE is located on your computer, download UnHackMe for free to fix the problem with GOOGLEWORD.EXE.
Malware Analysis of GOOGLEWORD.EXE
Full path on a computer: %SYSDIR%\GOOGLEWORD.EXE
Detected by UnHackMe:
GOOGLEWORD.EXE
Default location: %SYSDIR%\GOOGLEWORD.EXE
Removal Results: Success
Number of reboot: 1
GOOGLEWORD.EXE is known as:
Dialer.Netvision
- %TEMP%\00019CD7.BAT
- %SYSDIR%\GOOGLEWORD.EXE
GAMELOGIN.EXE is Trojan Downloader
We checked the file GAMELOGIN.EXE and found it hazardous.
The file GAMELOGIN.EXE must be deleted from the system immediately.
Kill the process GAMELOGIN.EXE and remove GAMELOGIN.EXE from the Windows startup.
Malware Analysis of GAMELOGIN.EXE
Full path on a computer: \GAMELOGIN.EXE
Detected by UnHackMe:
GAMELOGIN.EXE
Default location: \GAMELOGIN.EXE
Removal Results: Success
Number of reboot: 1
GAMELOGIN.EXE is known as:
Trojan Downloader
- \UPDATE.BAT
- \WGET.EXE
- \LOGIN.TXT
- \UP.VBS
- \GAMELOGIN.EXE
FREE DOWNLOAD MANAGER793686.EXE is Adware InstallBrain
We received the file FREE DOWNLOAD MANAGER793686.EXE and detected that FREE DOWNLOAD MANAGER793686.EXE is not good.
FREE DOWNLOAD MANAGER793686.EXE is Adware. You should remove the file FREE DOWNLOAD MANAGER793686.EXE.
Kill the process FREE DOWNLOAD MANAGER793686.EXE and remove FREE DOWNLOAD MANAGER793686.EXE from Windows.
Malware Analysis of FREE DOWNLOAD MANAGER793686.EXE
Full path on a computer: %TEMP%\FREE DOWNLOAD MANAGER793686.EXE
Detected by UnHackMe:
FREE DOWNLOAD MANAGER793686.EXE
Default location: %TEMP%\FREE DOWNLOAD MANAGER793686.EXE
Removal Results: Success
Number of reboot: 1
FREE DOWNLOAD MANAGER793686.EXE is known as:
Adware InstallBrain
FREE DOWNLOAD MANAGER793686.EXE hash:
- MD5: E57A9AC74B271A8DAE166A25F0CFD4E9
- %TEMP%\FREE DOWNLOAD MANAGER793686.EXE
FILEEXTHANDLER.EXE is Trojan UnwantedProgram
The file FILEEXTHANDLER.EXE can destroy your system, causing the computer to work abnormally.
FILEEXTHANDLER.EXE is a dangerous file.
Remove FILEEXTHANDLER.EXE from your computer immediately.
Kill the process FILEEXTHANDLER.EXE and remove FILEEXTHANDLER.EXE from the Windows startup.
Malware Analysis of FILEEXTHANDLER.EXE
Full path on a computer: %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE
Detected by UnHackMe:
FILEEXTHANDLER.EXE
Default location: %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE
Removal Results: Success
Number of reboot: 1
FILEEXTHANDLER.EXE is known as:
Trojan UnwantedProgram
- %LOCAL APPDATA%\PC MIGHTYMAX 2012\DIAGNOSTICREPORTER.ICO
- %LOCAL APPDATA%\PC MIGHTYMAX 2012\ELEVATEHELPER.EXE
- %PROFILE%\START MENU\PROGRAMS\PC MIGHTYMAX 2012\PC MIGHTYMAX 2012.LNK
- %LOCAL APPDATA%\PC MIGHTYMAX 2012\ICON.ICO
- %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE
D3DX9_21.DLL is Trojan Downloader
The file D3DX9_21.DLL is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete D3DX9_21.DLL, we suggest using UnHackMe:
http://www.unhackme.com
Malware Analysis of D3DX9_21.DLL
Full path on a computer: %SYSDIR%\D3DX9_21.DLL
Detected by UnHackMe:
D3DX9_21.DLL
Default location: %SYSDIR%\D3DX9_21.DLL
Removal Results: Success
Number of reboot: 1
D3DX9_21.DLL is known as:
Trojan Downloader
- %SYSDIR%\D3DX9_21.DLL
- %LOCAL APPDATA%\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\6P5SDOMI\COCOADGSPY_CO19_KR[1]
- %LOCAL APPDATA%\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BOWDBRP7\COCOAMSWINSCK_CO19_KR[1]
- %SYSDIR%\MSWINSCK.OCX
CRLS.EXE is Trojan Muldrop3
The file CRLS.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete CRLS.EXE, we suggest using UnHackMe:
http://www.unhackme.com
Malware Analysis of CRLS.EXE
Full path on a computer: %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE
Detected by UnHackMe:
CRLS.EXE
Default location: %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE
Removal Results: Success
Number of reboot: 1
CRLS.EXE is known as:
Trojan.Muldrop3
- %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI.EXE
- %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\BOTS\VINAVBAR.EXE
- %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI\_VTI_AUT.EXE
- %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI\_VTI_ADM.EXE
- %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE
COOKIEMAN.EXE is Adware W3I
We received the file COOKIEMAN.EXE and detected that COOKIEMAN.EXE is not good.
COOKIEMAN.EXE is Adware. You should remove the file COOKIEMAN.EXE.
Kill the process COOKIEMAN.EXE and remove COOKIEMAN.EXE from Windows.
Malware Analysis of COOKIEMAN.EXE
Full path on a computer: %LOCAL APPDATA%LOW\COOKIEMAN.EXE
Detected by UnHackMe:
COOKIEMAN.EXE
Default location: %LOCAL APPDATA%LOW\COOKIEMAN.EXE
Removal Results: Success
Number of reboot: 1
COOKIEMAN.EXE is known as:
Adware.W3I
- %TEMP%\PKG_1112322080\DETECTIONRULES.DAT
- %LOCAL APPDATA%LOW\COOKIEMAN.EXE
- \DEVICE\HARDDISKVOLUME1\BOOT\BCD
- \DEVICE\HARDDISKVOLUME1\BOOT\BCD.LOG
COLOUS.EXE is Trojan FrauDrop
The file COLOUS.EXE can destroy your system, causing the computer to work abnormally.
COLOUS.EXE is a dangerous file.
Remove COLOUS.EXE from your computer immediately.
Kill the process COLOUS.EXE and remove COLOUS.EXE from the Windows startup.
Malware Analysis of COLOUS.EXE
Full path on a computer: %WINDIR%\COLOUS.EXE
Detected by UnHackMe:
COLOUS.EXE
Default location: %WINDIR%\COLOUS.EXE
Removal Results: Success
Number of reboot: 1
COLOUS.EXE is known as:
Trojan FrauDrop
COLOUS.EXE hash:
- MD5: AD83AE05604B32C0380AD26E69CA50CD
- C:\AT-DESTROYER.TXT
- %TEMP%\17.TMP\AT-DESTROYER.BAT
- %TEMP%\AT-DESTROYER\AT-DESTROYER.EXE
- %WINDIR%\COLOUS.EXE
ACTIVEX1.BIN is Trojan SwfDrop
The file ACTIVEX1.BIN can destroy your system, causing the computer to work abnormally.
ACTIVEX1.BIN is a dangerous file.
Remove ACTIVEX1.BIN from your computer immediately.
Kill the process ACTIVEX1.BIN and remove ACTIVEX1.BIN from the Windows startup.
Malware Analysis of ACTIVEX1.BIN
Full path on a computer: %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN
Detected by UnHackMe:
ACTIVEX1.BIN
Default location: %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN
Removal Results: Success
Number of reboot: 1
ACTIVEX1.BIN is known as:
Trojan SwfDrop
ACTIVEX1.BIN hash:
- MD5: E84119E5D1DBF340AA4F601ACBD82BA2
- %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN
- %TEMP%\WORD\ACTIVEX\_RELS\ACTIVEX1.XML.RELS
- %TEMP%\WORD\_RELS\DOCUMENT.XML.RELS
- %TEMP%\_RELS\.RELS
39EIPLUG.DLL is Adware FunWeb
We received the file 39EIPLUG.DLL and detected that 39EIPLUG.DLL is not good.
39EIPLUG.DLL is Adware. You should remove the file 39EIPLUG.DLL.
Kill the process 39EIPLUG.DLL and remove 39EIPLUG.DLL from Windows.
Malware Analysis of 39EIPLUG.DLL
Full path on a computer: %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL
Detected by UnHackMe:
39EIPLUG.DLL
Default location: %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL
Removal Results: Success
Number of reboot: 1
39EIPLUG.DLL is known as:
Adware FunWeb
39EIPLUG.DLL hash:
- MD5: FF65CDF22CCBD62B9D360DAD3220B41B
- %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL
- %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EZSETP.DLL
- %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\NP39EISB.DLL
XF-MCCS6.EXE is Worm AMN
The file XF-MCCS6.EXE is a computer worm.
The worm XF-MCCS6.EXE is a self-replicating malicious program, which uses a computer network to send copies of itself to other computers.
You must fix the XF-MCCS6.EXE problem as soon as possible!
Delete the file XF-MCCS6.EXE from all infected computers in your network.
Set up your network firewall against XF-MCCS6.EXE intervention.
Malware Analysis of XF-MCCS6.EXE
Full path on a computer: %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE
Detected by UnHackMe:
XF-MCCS6.EXE
Default location: %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE
Removal Results: Success
Number of reboot: 1
XF-MCCS6.EXE is known as:
Worm AMN
XF-MCCS6.EXE hash:
- MD5: 1AF76EF8857935EB1D8E46DC9CFE3729
- %TEMP%\CRACK-WINDOWS\DISABLE_ACTIVATION.CMD
- %TEMP%\CRACK-WINDOWS\INSTALL.TXT
- %TEMP%\CRACK-WINDOWS\README.TXT
- %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE
VPSCONFIG.EXE is Trojan Downloader
Is the file VPSCONFIG.EXE located on your computer? Then your computer is infected.
We suggest you remove VPSCONFIG.EXE from your computer as soon as possible.
VPSCONFIG.EXE is Trojan/Backdoor.
Kill the process VPSCONFIG.EXE and remove VPSCONFIG.EXE from the Windows startup.
Malware Analysis of VPSCONFIG.EXE
Full path on a computer: %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE
Detected by UnHackMe:
VPSCONFIG.EXE
Default location: %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE
Removal Results: Success
Number of reboot: 1
VPSCONFIG.EXE is known as:
Trojan Downloader
- %TEMP%\TMP3.TMP
- %TEMP%\TMP3.TMP.BAT
- %TEMP%\NSL2.TMP\NSISDL.DLL
- %TEMP%\BIT4.TMP
- %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE
TRULER 120 GAMEZER.JAR is under review
TRULER 120 GAMEZER.JAR is unknown, probably legitimate.
If the file TRULER 120 GAMEZER.JAR is located on your computer, download UnHackMe for free to fix the problem with TRULER 120 GAMEZER.JAR.
Malware Analysis of TRULER 120 GAMEZER.JAR
Full path on a computer: %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR
Detected by UnHackMe:
TRULER 120 GAMEZER.JAR
Default location: %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR
Removal Results: Success
Number of reboot: 1
TRULER 120 GAMEZER.JAR is known as:
Unknown
TRULER 120 GAMEZER.JAR hash:
- MD5: 998C8D43711A6112B5C8A527E9DB0A3B
- %TEMP%\CRVA.EXE
- %TEMP%\E4J8.TMP_DIR23867\EXE4JLIB.JAR
- %TEMP%\E4J8.TMP_DIR23867\I4JDEL.EXE
- %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR
SHINORAT.EXE is Trojan StartPage
The file SHINORAT.EXE is identified as a virus dropper.
The dropper SHINORAT.EXE is used for downloading and installing other malware, Trojans, and viruses on commands received from the Command Center.
The file SHINORAT.EXE loads into the computer's memory and tries to connect to a dangerous web site.
Usually the SHINORAT.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the SHINORAT.EXE process and delete the file SHINORAT.EXE.
Malware Analysis of SHINORAT.EXE
Full path on a computer: %SYSTEMDRIVE%\SHINORAT.EXE
Detected by UnHackMe:
SHINORAT.EXE
Default location: %SYSTEMDRIVE%\SHINORAT.EXE
Removal Results: Success
Number of reboot: 1
SHINORAT.EXE is known as:
Trojan StartPage
- %SYSTEMDRIVE%\SHINORAT.EXE
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\SHINORAT[1].EXE
MSASGUI.EXE is Trojan Hllw
We checked some samples of MSASGUI.EXE and detected the file MSASGUI.EXE as a threat.
Remove the MSASGUI.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of MSASGUI.EXE
Full path on a computer: %SYSDIR%\MSASGUI.EXE
Detected by UnHackMe:
MSASGUI.EXE
Default location: %SYSDIR%\MSASGUI.EXE
Removal Results: Success
Number of reboot: 1
MSASGUI.EXE is known as:
Trojan Hllw
- %SYSDIR%\MSASGUI.EXE
- \MSNMSG.EXE
HUIQT.DLL is Trojan Killproc
Is the file HUIQT.DLL located on your computer? Then your computer is infected.
We suggest you remove HUIQT.DLL from your computer as soon as possible.
HUIQT.DLL is Trojan/Backdoor.
Kill the process HUIQT.DLL and remove HUIQT.DLL from the Windows startup.
Malware Analysis of HUIQT.DLL
Full path on a computer: %APPDATA%\WINDOWSPE\HUIQT.DLL
Detected by UnHackMe:
HUIQT.DLL
Default location: %APPDATA%\WINDOWSPE\HUIQT.DLL
Removal Results: Success
Number of reboot: 1
HUIQT.DLL is known as:
Trojan.Killproc
- %APPDATA%\WINDOWSPE\COINUTIL.DLL
- %APPDATA%\WINDOWSPE\USFT_EXT.EXE.VBS
- %APPDATA%\WINDOWSPE\FTPCMD.BAT
- %APPDATA%\WINDOWSPE\FTPCMD.DAT
- %APPDATA%\WINDOWSPE\HUIQT.DLL
DPISCA.EXE is Trojan Muldrop1
We checked some samples of DPISCA.EXE and detected the file DPISCA.EXE as a threat.
Remove the DPISCA.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of DPISCA.EXE
Full path on a computer: %WINDIR%\DPISCA.EXE
Detected by UnHackMe:
DPISCA.EXE
Default location: %WINDIR%\DPISCA.EXE
Removal Results: Success
Number of reboot: 1
DPISCA.EXE is known as:
Trojan.Muldrop1
- %TEMP%\NSL3.TMP\NSEXEC.DLL
- %TEMP%\NSL3.TMP\NS4.TMP
- %WINDIR%\MONKEY2.EXE
- %TEMP%\NSL2.TMP
- %WINDIR%\DPISCA.EXE
ATHEROSSVC.EXE is Trojan Downloader
The file ATHEROSSVC.EXE can destroy your system, causing the computer to work abnormally.
ATHEROSSVC.EXE is a dangerous file.
Remove ATHEROSSVC.EXE from your computer immediately.
Kill the process ATHEROSSVC.EXE and remove ATHEROSSVC.EXE from the Windows startup.
Malware Analysis of ATHEROSSVC.EXE
Full path on a computer: %PROGRAM FILES COMMON%\SYSTEM\ATHEROSSVC.EXE
Detected by UnHackMe:
ATHEROSSVC.EXE
Default location: %PROGRAM FILES COMMON%\SYSTEM\ATHEROSSVC.EXE
Removal Results: Success
Number of reboot: 1
ATHEROSSVC.EXE is known as:
Trojan Downloader
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\MANAGE2.FUNTODAY[1]
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YPORKZYZ\MANAGE.FUNTODAY[1]
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2VAZY7AN\MANAGE.FUNTODAY[1]
- %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\MANAGE3.FUNTODAY[1]
- %PROGRAM FILES COMMON%\SYSTEM\ATHEROSSVC.EXE
FBDSVCMAN.EXE is Adware KrAdword.79464
We received the file FBDSVCMAN.EXE and detected that FBDSVCMAN.EXE is not good.
FBDSVCMAN.EXE is Adware. You should remove the file FBDSVCMAN.EXE.
Kill the process FBDSVCMAN.EXE and remove FBDSVCMAN.EXE from Windows.
Malware Analysis of FBDSVCMAN.EXE
Full path on a computer: %Appdata%\SpeedDownload\FBDSvcMan.exe
Detected by UnHackMe:
Item Name: rpga
Author:
Related File: %Appdata%\SpeedDownload\rpgchk.exe
Type: Registry Run
FBDSVCMAN.EXE
Default location: %Appdata%\SpeedDownload\FBDSvcMan.exe
Removal Results: Success
Number of reboot: 1
FBDSVCMAN.EXE is known as:
Adware.KrAdword.79464, Adware.KorAd, PUP.FileBaroDown
FBDSVCMAN.EXE hash:
- MD5: ea650435120595cbc6029c437ccfe582
- HKLM\Software\Classes\CLSID\{28496816-3E54-4563-B947-E231A41BA575}\LocalServer32\: ""%Appdata%\SpeedDownload\SpeedGet.exe""
- HKLM\Software\Classes\CLSID\{5121BCAB-14D5-40AD-A469-4437CC51F7AA}\InprocServer32\: "%Appdata%\SpeedDownload\FBDMgr.dll"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpeedDownload: "%Appdata%\SpeedDownload\FBDManager.exe"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\rpga: "%Appdata%\SpeedDownload\rpgchk.exe"
- HKLM\System\CurrentControlSet\Services\FBDSvcman\ImagePath: "%Appdata%\SpeedDownload\FBDSvcMan.exe"
- HKLM\System\CurrentControlSet\Services\FBDSvcman\DisplayName: "FBDSvcman"
- HKLM\System\CurrentControlSet\Services\FBDSvcman\ObjectName: "LocalSystem"
- %Appdata%\SpeedDownload
- %Appdata%\SpeedDownload\temp
- %Appdata%\SpeedDownload\fbdchk.exe
- %Appdata%\SpeedDownload\FBDManager.exe
- %Appdata%\SpeedDownload\FBDMgr.dll
- %Appdata%\SpeedDownload\FBDSvcMan.exe
- %Appdata%\SpeedDownload\FBDUnist.exe
- %Appdata%\SpeedDownload\SpeedGet.exe
- %Appdata%\SpeedDownload\SpeedGet.tlb
- %Temp%\rpgd.bat




