WINM.EXE is Backdoor Bebloh
The program WINM.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the WINM.EXE problem.
Download for free: http://www.unhackme.com
Malware Analysis of WINM.EXE
Full path on a computer: %SysDir%\winm.exe
Detected by UnHackMe:
Item Name: userinit.exe
Author: Unknown
Related File: %SYSDIR%\WINM.EXE
Type: Image Executions Debugger
Detected by RegRun Warrior:
Item Name: userinit.exe
Author:
Related File: %SysDir%\winm.exe
Type: Image Executions Debugger
Removal Results: Success
Number of reboot: 2
WINM.EXE is known as:
Backdoor.Bebloh, Trojan.Agent, TrojanSpy.Bebloh, Trojan.Bublik, Packed.Krap
WINM.EXE hash:
- MD5: 48352e3a034a95845864c0f6aad07d39
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\Debugger: “winm.exe”
- %SysDir%\winm.exe
BEERBEER.EXE is Trojan Agent
We checked the file BEERBEER.EXE and found it hazardous.
The file BEERBEER.EXE must be deleted from the system immediately.
Kill the process BEERBEER.EXE and remove BEERBEER.EXE from Windows startup.
Malware Analysis of BEERBEER.EXE
Full path on a computer: %Program Files%\Internet Explorer\Internet Explorer\beerbeer.exe
Detected by UnHackMe:
BEERBEER.EXE
Default location: %Program Files%\Internet Explorer\Internet Explorer\beerbeer.exe
Removal Results: Success
Number of reboot: 1
BEERBEER.EXE is known as:
Trojan.Agent, Trojan.AVKill
BEERBEER.EXE hash:
- MD5: 2acf55697a3a1c3b483899c23c1a51bc
- %Program Files%\Internet Explorer\Internet Explorer\beerbeer.exe
- %Program Files%\Internet Explorer\Internet Explorer\gvdde.dll
- %Program Files%\Internet Explorer\Internet Explorer\gvdde.InstallState
- %Program Files%\Internet Explorer\Internet Explorer\Interop.SHDocVw.DLL
- %WinDir%\Installer\10399.msi
IWDQ.EXE is Trojan KeyLogger
We checked the file IWDQ.EXE and found it hazardous.
The file IWDQ.EXE must be deleted from the system immediately.
Kill the process IWDQ.EXE and remove IWDQ.EXE from Windows startup.
Malware Analysis of IWDQ.EXE
Full path on a computer: %SysDir%\28463\IWDQ.exe
Detected by UnHackMe:
IWDQ.EXE
Default location: %SysDir%\28463\IWDQ.exe
Removal Results: Success
Number of reboot: 1
IWDQ.EXE is known as:
Trojan.KeyLogger, KeyLogger.Ardamax, Spyware.Ardakey
IWDQ.EXE hash:
- MD5: 17535dddecf8cb1efdba1f1952126547
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IWDQ Agent: “%SysDir%\28463\IWDQ.exe”
- %SysDir%\28463
- %Temp%\@2.tmp
- %SysDir%\28463\IWDQ.001
- %SysDir%\28463\IWDQ.006
- %SysDir%\28463\IWDQ.007
- %SysDir%\28463\IWDQ.009
- %SysDir%\28463\IWDQ.exe
RATEWON.EXE is Backdoor IRCBot
The program RATEWON.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the RATEWON.EXE problem.
Malware Analysis of RATEWON.EXE
Full path on a computer: %SysDir%\dllcache\Ratewon.exe
Detected by UnHackMe:
RATEWON.EXE
Default location: %SysDir%\dllcache\Ratewon.exe
Removal Results: Success
Number of reboot: 1
RATEWON.EXE is known as:
Backdoor.IRCBot, Worm.Fujack, Backdoor.Popwin
RATEWON.EXE hash:
- MD5: 8c56f204028b6d0eb7e18fe36c698781
- HKLM\System\CurrentControlSet\Services\Windows Service\ImagePath: “"%SysDir%\dllcache\Ratewon.exe"”
- HKLM\System\CurrentControlSet\Services\Windows Service\Description: “Windows Disks Manager Services.”
- %SysDir%\dllcache\Ratewon.exe
CLOUD_.EXE is Trojan Banload
Is the file CLOUD_.EXE located on your computer? Then your computer is infected.
We suggest that you remove CLOUD_.EXE from your computer as soon as possible.
CLOUD_.EXE is a Trojan/Backdoor.
Kill the process CLOUD_.EXE and remove CLOUD_.EXE from Windows startup.
Malware Analysis of CLOUD_.EXE
Full path on a computer: %Program Files%\cloudpop\cloud_.exe
Detected by UnHackMe:
CLOUD_.EXE
Default location: %Program Files%\cloudpop\cloud_.exe
Removal Results: Success
Number of reboot: 1
CLOUD_.EXE is known as:
Trojan.Banload, Trojan.Banker1
CLOUD_.EXE hash:
- MD5: e68a454a981b36c90de82ba75d6c42d0
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cloudpop.exe: “%Program Files%\cloudpop\cloudpop.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cloud_.exe: “%Program Files%\cloudpop\cloud_.exe”
- %Program Files%\cloudpop
- %Program Files%\cloudpop\cloudpop.exe
- %Program Files%\cloudpop\cloud_.exe
- %Program Files%\cloudpop\uninstall.exe
CLOUDPOP.EXE is Adware Cloudpop
We received the file CLOUDPOP.EXE and detected that CLOUDPOP.EXE is not good.
CLOUDPOP.EXE is Adware. You should remove the file CLOUDPOP.EXE.
Kill the process CLOUDPOP.EXE and remove CLOUDPOP.EXE from Windows.
Malware Analysis of CLOUDPOP.EXE
Full path on a computer: %Program Files%\cloudpop\cloudpop.exe
Detected by UnHackMe:
CLOUDPOP.EXE
Default location: %Program Files%\cloudpop\cloudpop.exe
Removal Results: Success
Number of reboot: 1
CLOUDPOP.EXE is known as:
Adware.Cloudpop, Adware.Kraddare, Trojan.Banker
CLOUDPOP.EXE hash:
- MD5: 9caf13173b48ba71f20513b93d71734c
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cloudpop.exe: “%Program Files%\cloudpop\cloudpop.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cloud_.exe: “%Program Files%\cloudpop\cloud_.exe”
- %Program Files%\cloudpop
- %Program Files%\cloudpop\cloudpop.exe
- %Program Files%\cloudpop\cloud_.exe
- %Program Files%\cloudpop\uninstall.exe
IEXP10RE.EXE is Trojan Injector
We checked the file IEXP10RE.EXE and found it hazardous.
The file IEXP10RE.EXE must be deleted from the system immediately.
Kill the process IEXP10RE.EXE and remove IEXP10RE.EXE from Windows startup.
Malware Analysis of IEXP10RE.EXE
Full path on a computer: %Program Files Common%\Microsoft Shared\MSInfo\iexp10re.exe
Detected by UnHackMe:
IEXP10RE.EXE
Default location: %Program Files Common%\Microsoft Shared\MSInfo\iexp10re.exe
Removal Results: Success
Number of reboot: 1
IEXP10RE.EXE is known as:
Trojan.Injector
IEXP10RE.EXE hash:
- MD5: 80db975415550c77c6fccb0e71e88910
- HKLM\System\CurrentControlSet\Services\Network Location.\ImagePath: “C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\iexp10re.exe”
- %Recent%\iexp10re.lnk
- %Recent%\Startup.lnk
- %Startup%\iexp10re.vbs
- %Program Files Common%\Microsoft Shared\MSInfo\iexp10re.exe
- %Program Files%\iiexp10re.exe
- %SysDir%\iexp10re.vbs
IIEXP10RE.EXE is Trojan Injector
Is the file IIEXP10RE.EXE located on your computer? Then your computer is infected.
We suggest that you remove IIEXP10RE.EXE from your computer as soon as possible.
IIEXP10RE.EXE is a Trojan/Backdoor.
Kill the process IIEXP10RE.EXE and remove IIEXP10RE.EXE from Windows startup.
Malware Analysis of IIEXP10RE.EXE
Full path on a computer: %Program Files%\iiexp10re.exe
Detected by UnHackMe:
IIEXP10RE.EXE
Default location: %Program Files%\iiexp10re.exe
Removal Results: Success
Number of reboot: 1
IIEXP10RE.EXE is known as:
Trojan.Injector
IIEXP10RE.EXE hash:
- MD5: 80db975415550c77c6fccb0e71e88910
- HKLM\System\CurrentControlSet\Services\Network Location.\ImagePath: “C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\iexp10re.exe”
- %Recent%\iexp10re.lnk
- %Recent%\Startup.lnk
- %Startup%\iexp10re.vbs
- %Program Files Common%\Microsoft Shared\MSInfo\iexp10re.exe
- %Program Files%\iiexp10re.exe
- %SysDir%\iexp10re.vbs
BEMA.EXE is Backdoor Sdbot
The program BEMA.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the BEMA.EXE problem.
Malware Analysis of BEMA.EXE
Full path on a computer: %Program Files Common%\System\bema.exe
Detected by UnHackMe:
Item Name: Windows System
Author: Unknown
Related File: %PROGRAM FILES COMMON%\SYSTEM\BEMA.EXE
Type: Registry Run
Item Name: bema.exe
Author: Unknown
Related File: %PROGRAM FILES COMMON%\SYSTEM\BEMA.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
BEMA.EXE is known as:
Backdoor.Sdbot
BEMA.EXE hash:
- MD5: 787a03ad6c04fe42a06aa8e96ed6b9d4
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows System: “%Program Files Common%\System\bema.exe”
- %Program Files Common%\System
- %Program Files Common%\System\bema.exe
UFIVE17.EXE is Virus Virut
The file UFIVE17.EXE is a computer worm.
The worm UFIVE17.EXE is a self-replicating malicious program that uses a computer network to send copies of itself to other computers.
You must fix the UFIVE17.EXE problem as soon as possible!
Delete the file UFIVE17.EXE from all infected computers in your network.
Set up your network firewall against UFIVE17.EXE intervention.
Malware Analysis of UFIVE17.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe
Detected by UnHackMe:
UFIVE17.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe
Removal Results: Success
Number of reboot: 1
UFIVE17.EXE is known as:
Virus.Virut, Worm.Ngrbot, Trojan.Lethic
UFIVE17.EXE hash:
- MD5: 58cc9057c31f18a8481e3a507c959244
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\uzfive172: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe”
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\Desktop.ini
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe
VISIO.EXE is Trojan Dialer
We checked the file VISIO.EXE and found it hazardous.
The file VISIO.EXE must be deleted from the system immediately.
Kill the process VISIO.EXE and remove VISIO.EXE from Windows startup.
Malware Analysis of VISIO.EXE
Full path on a computer: %Program Files%\Montorgueil\visio\visio.exe
Detected by UnHackMe:
VISIO.EXE
Default location: %Program Files%\Montorgueil\visio\visio.exe
Removal Results: Success
Number of reboot: 1
VISIO.EXE is known as:
Trojan.Dialer, Dialer.CarpeDiem, Application.Dialer.CDDial
VISIO.EXE hash:
- MD5: ec7db8c794f6d55cfea5dd0bf39f40cd
- %Program Files%\Montorgueil
- %Program Files%\Montorgueil\14.04948
- %Program Files%\Montorgueil\visio\visio.exe
- %Program Files%\Montorgueil\visio\visio.ico
LAASS.EXE
The file LAASS.EXE is not a virus.
The program LAASS.EXE is a system security tool.
However, a hacker may use the LAASS.EXE tool to compromise computer security.
Use the LAASS.EXE file at your own risk!
You can delete the LAASS.EXE program from your computer with problems.
Malware Analysis of LAASS.EXE
Full path on a computer: %Program Files%\%Program Files%\laass.exe
LAASS.EXE hash:
- MD5: 359c541c07a39ab11bb45aad29b2d2ce
- %Program Files%\%Program Files%
- %Program Files%\%Program Files%\1029.URL
- %Program Files%\%Program Files%\1031.URL
- %Program Files%\%Program Files%\Cest.bat
- %Program Files%\%Program Files%\Dest.BAt
- %Program Files%\%Program Files%\laass.exe
SOUND.EXE is Trojan Banker
The file SOUND.EXE is identified as a Trojan program used for stealing bank information and users' passwords.
To delete SOUND.EXE, we suggest you use UnHackMe:
http://www.unhackme.com
Malware Analysis of SOUND.EXE
Full path on a computer: %Common Startmenu%\Programs\Startup\SOUND.exe
Detected by UnHackMe:
Item Name: SOUND
Author:
Related File: C:\Arquivos de programas\SOUND.exe
Type: Registry Run
Item Name: SOUND.exe
Author: Microsoft Corporation
Related File: %COMMON STARTMENU%\PROGRAMS\STARTUP\SOUND.EXE
Type: Common Startup Folder
Removal Results: Success
Number of reboot: 1
SOUND.EXE is known as:
Trojan.Banker
SOUND.EXE hash:
- MD5: 46a3c4d67a8fe956b6e4f8d1cbc9835e
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SOUND: “C:\Arquivos de programas\SOUND.exe”
- %Common Startmenu%\Programs\Startup\SOUND.exe
PANP.EXE is Backdoor Shakydos
The program PANP.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the PANP.EXE problem.
Malware Analysis of PANP.EXE
Full path on a computer: %SysDir%\panp.exe
Detected by UnHackMe:
PANP.EXE
Default location: %SysDir%\panp.exe
Removal Results: Success
Number of reboot: 1
PANP.EXE is known as:
Backdoor.Shakydos, Trojan.Agent, Trojan.DownLoader1
PANP.EXE hash:
- MD5: 3308628053ee3152a398308aaa2e0649
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VMSERVICES\0000\Service: “VMservices”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VMSERVICES\0000\DeviceDesc: “VMservices”
- HKLM\System\CurrentControlSet\Services\VMservices\ImagePath: “%SysDir%\panp.exe”
- HKLM\System\CurrentControlSet\Services\VMservices\DisplayName: “VMservices”
- %SysDir%\panp.exe
LSMASS.EXE is Trojan Dapato
Is the file LSMASS.EXE located on your computer? Then your computer is infected.
We suggest that you remove LSMASS.EXE from your computer as soon as possible.
LSMASS.EXE is a Trojan/Backdoor.
Kill the process LSMASS.EXE and remove LSMASS.EXE from Windows startup.
Malware Analysis of LSMASS.EXE
Full path on a computer: %Program Files Common%\lsmass.exe
Detected by UnHackMe:
Item Name: Windows-Network Component
Author:
Related File: %PROGRAM FILES COMMON%\LSMASS.EXE
Type: Explorer Run
WSCNTFY.EXE
Default location: %COMMON APPDATA%\WSCNTFY.EXE
Removal Results: Success
Number of reboot: 1
LSMASS.EXE is known as:
Trojan.Dapato
LSMASS.EXE hash:
- MD5: 676f69219417672c46a1948aa183ec3c
- HKLM\Software\Microsoft\Active Setup\Installed Components\{61832be3-2feb-11de-a55e-806d6172696f}\StubPath: “%Common Appdata%\wscntfy.exe -r”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Windows-Network Component: “%Program Files Common%\lsmass.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows-Audio Driver: “%Common Appdata%\wscntfy.exe”
- %Temp%\qrJgN3j1wV.exe
- %Common Appdata%\wscntfy.exe
- %Program Files Common%\lsmass.exe
SPFDRV.DLL is Rootkit ZeroAccess
Rootkit SPFDRV.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of SPFDRV.DLL may be a very difficult process.
You should use anti-rootkit software to fix the SPFDRV.DLL problem.
Malware Analysis of SPFDRV.DLL
Full path on a computer: %SysDir%\SPFDRV.dll
Detected by RegRun Warrior:
SPFDRV.DLL
Default location: %SysDir%\SPFDRV.dll
Removal Results: Success
Number of reboot: 1
SPFDRV.DLL is known as:
Rootkit.ZeroAccess, Trojan.Sirefef, Trojan.Agent, Backdoor.Maxplus
SPFDRV.DLL hash:
- MD5: 11028c6a84a967070cb1286550f2058f
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VAIOMEDIAPLATFORM-MUSICSERVER-APPSERVER\0000\Service: “vaiomediaplatform-musicserver-appserver”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VAIOMEDIAPLATFORM-MUSICSERVER-APPSERVER\0000\DeviceDesc: “Avgfwsrv”
- HKLM\System\CurrentControlSet\Services\vaiomediaplatform-musicserver-appserver\Parameters\ServiceDll: “%systemroot%\system32\SPFDRV.dll”
- HKLM\System\CurrentControlSet\Services\vaiomediaplatform-musicserver-appserver\DisplayName: “Avgfwsrv”
- HKLM\System\CurrentControlSet\Services\vaiomediaplatform-musicserver-appserver\Description: “Avgfwsrv”
- %WinDir%\$NtUninstallKB62478$
- %SysDir%\dds_trash_log.cmd
- %SysDir%\SPFDRV.dll
CVASDS0.DLL is Worm Taterf
The file CVASDS0.DLL is malware related.
You must delete the file CVASDS0.DLL immediately!
Delete the file CVASDS0.DLL without delay!
Kill the process CVASDS0.DLL and remove CVASDS0.DLL from the Windows startup.
Malware Analysis of CVASDS0.DLL
Full path on a computer: %Temp%\cvasds0.dll
Detected by UnHackMe:
CVASDS0.DLL
Default location: %Temp%\cvasds0.dll
Removal Results: Success
Number of reboot: 1
CVASDS0.DLL is known as:
Worm.Taterf, TrojWare.GameThief
CVASDS0.DLL hash:
- MD5: 921f2b559fbe9fc8d2ddb526d89d5b67
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cdoosoft: “%Temp%\herss.exe”
- %Temp%\cvasds0.dll
- %Temp%\herss.exe
- C:\autorun.inf
- C:\se12ydam.exe
SE12YDAM.EXE is Trojan Vaklik
We checked some samples of SE12YDAM.EXE and detected the file SE12YDAM.EXE as a threat.
Remove the SE12YDAM.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of SE12YDAM.EXE
Full path on a computer: C:\se12ydam.exe
Detected by UnHackMe:
SE12YDAM.EXE
Default location: C:\se12ydam.exe
Removal Results: Success
Number of reboot: 1
SE12YDAM.EXE is known as:
Trojan.Vaklik, Worm.Taterf
SE12YDAM.EXE hash:
- MD5: 35bbdfba9e1c8c249d6135de865d4edb
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cdoosoft: “%Temp%\herss.exe”
- %Temp%\cvasds0.dll
- %Temp%\herss.exe
- C:\autorun.inf
- C:\se12ydam.exe
RREJOICE2010.EXE is Trojan Sasfis
The file RREJOICE2010.EXE is malware related.
You must delete the file RREJOICE2010.EXE immediately!
Delete the file RREJOICE2010.EXE without delay!
Kill the process RREJOICE2010.EXE and remove RREJOICE2010.EXE from the Windows startup.
Malware Analysis of RREJOICE2010.EXE
Full path on a computer: %Program Files%\rrejoice2010.exe
Detected by UnHackMe:
RREJOICE2010.EXE
Default location: %Program Files%\rrejoice2010.exe
Removal Results: Success
Number of reboot: 1
RREJOICE2010.EXE is known as:
Trojan.Sasfis, Trojan.Hupigon, Backdoor.Spook
RREJOICE2010.EXE hash:
- MD5: c769e72d02004a447b4aa74e99f6befa
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_REJOICE2010\0000\Service: “Windows_rejoice2010”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_REJOICE2010\0000\DeviceDesc: “Windows_rejoice2010”
- HKLM\System\CurrentControlSet\Services\Windows_rejoice2010\ImagePath: “%WinDir%\rejoice2010.exe”
- HKLM\System\CurrentControlSet\Services\Windows_rejoice2010\DisplayName: “Windows_rejoice2010”
- %Program Files%\rrejoice2010.exe
- %WinDir%\rejoice2010.exe
REJOICE2010.EXE is Trojan Sasfis
Is the file REJOICE2010.EXE located on your computer? Then your computer is infected.
We suggest that you remove REJOICE2010.EXE from your computer as soon as possible.
REJOICE2010.EXE is a Trojan/Backdoor.
Kill the process REJOICE2010.EXE and remove REJOICE2010.EXE from Windows startup.
Malware Analysis of REJOICE2010.EXE
Full path on a computer: %WinDir%\rejoice2010.exe
Detected by UnHackMe:
Item Name: Windows_rejoice2010
Author:
Related File: %WinDir%\rejoice2010.exe
Type: Auto Services
After first reboot detected by UnHackMe:
Item Name: Windows_rejoice2010
Author:
Related File: %WinDir%\rejoice2010.exe
Type: Auto Services
Removal Results: Success
Number of reboot: 2
REJOICE2010.EXE is known as:
Trojan.Sasfis, Trojan.Hupigon, Backdoor.Spook
REJOICE2010.EXE hash:
- MD5: c769e72d02004a447b4aa74e99f6befa
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_REJOICE2010\0000\Service: “Windows_rejoice2010”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_REJOICE2010\0000\DeviceDesc: “Windows_rejoice2010”
- HKLM\System\CurrentControlSet\Services\Windows_rejoice2010\ImagePath: “%WinDir%\rejoice2010.exe”
- HKLM\System\CurrentControlSet\Services\Windows_rejoice2010\DisplayName: “Windows_rejoice2010”
- %Program Files%\rrejoice2010.exe
- %WinDir%\rejoice2010.exe
A7.DLL is Trojan Pincav
We checked the file A7.DLL and found it hazardous.
The file A7.DLL must be deleted from the system immediately.
Kill the process A7.DLL and remove A7.DLL from Windows startup.
Malware Analysis of A7.DLL
Full path on a computer: %SysDir%\a7.dll
Detected by UnHackMe:
Item Name: a7.dll
Author:
Related File: %SysDir%\A7.DLL
Type: LSA Notification Packages
Removal Results: Success
Number of reboot: 1
A7.DLL is known as:
Trojan.Pincav, Trojan.Cosmu, BScope.Cerera, Backdoor.DDOS
A7.DLL hash:
- MD5: d216ffd58fbbd5beaa55f578b0219cfc
- HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages: ‘a7.dll scecli’
- %Temp%\s1.tmp
- %SysDir%\a7.dll
TRYANDDECIDESERVICE.DLL is Rootkit ZeroAccess
Rootkit TRYANDDECIDESERVICE.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of TRYANDDECIDESERVICE.DLL may be a very difficult process.
You should use anti-rootkit software to fix the TRYANDDECIDESERVICE.DLL problem.
Malware Analysis of TRYANDDECIDESERVICE.DLL
Full path on a computer: %SysDir%\TryAndDecideService.dll
Detected by RegRun Warrior:
TRYANDDECIDESERVICE.DLL
Default location: %SysDir%\TryAndDecideService.dll
Removal Results: Success
Number of reboot: 1
TRYANDDECIDESERVICE.DLL is known as:
Rootkit.ZeroAccess, Trojan.Sirefef, Trojan.Agent, Backdoor.Maxplus
TRYANDDECIDESERVICE.DLL hash:
- MD5: 11028c6a84a967070cb1286550f2058f
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SMTPSVC\0000\Service: “SMTPSVC”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SMTPSVC\0000\DeviceDesc: “Hibernation”
- HKLM\System\CurrentControlSet\Services\SMTPSVC\Parameters\ServiceDll: “%systemroot%\system32\TryAndDecideService.dll”
- HKLM\System\CurrentControlSet\Services\SMTPSVC\DisplayName: “Hibernation”
- HKLM\System\CurrentControlSet\Services\SMTPSVC\Description: “Hibernation”
- %WinDir%\$NtUninstallKB62478$
- %SysDir%\dds_trash_log.cmd
- %SysDir%\TryAndDecideService.dll
FONT32.EXE is Trojan Banker
The file FONT32.EXE is identified as a Trojan program used for stealing bank information and users' passwords.
To delete FONT32.EXE, we suggest you use UnHackMe:
http://www.unhackme.com
Malware Analysis of FONT32.EXE
Full path on a computer: %WinDir%\font32.exe
Detected by UnHackMe:
Item Name: font32
Author: mp3
Related File: %WinDir%\FONT32.EXE
Type: Registry Run
Item Name: font32.exe
Author:
Related File: %WinDir%\FONT32.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
FONT32.EXE is known as:
Trojan.Banker, Trojan.Sisron, Trojan.CSon
FONT32.EXE hash:
- MD5: dd642cf540ed75202b1a74c90ad1eeff
- %Temp%\aviso.bak
- %WinDir%\font32.exe
X11.EXE is Trojan Buzus
We checked some samples of X11.EXE and detected the file X11.EXE as a threat.
Remove the X11.EXE file from your computer right now.
Malware Analysis of X11.EXE
Full path on a computer: %Startup%\x11.exe
Detected by UnHackMe:
Item Name: 1.exe
Author: Unknown
Related File: %APPDATA%\1.EXE
Type: Detected using Heuristic Algorithm
Item Name: 3.exe
Author: Unknown
Related File: %APPDATA%\3.EXE
Type: Detected using Heuristic Algorithm
Item Name: Microsoft DXX Registration
Author: Unknown
Related File: %APPDATA%\REGSRV67.EXE
Type: Registry Run
Item Name: x11.exe
Author: Unknown
Related File: %STARTUP%\X11.EXE
Type: Startup Folder
Item Name: regsrv67.exe
Author: Unknown
Related File: %APPDATA%\REGSRV67.EXE
Type: Detected using Heuristic Algorithm
After first reboot detected by UnHackMe:
Item Name: Cyzqzs
Author: Unknown
Related File: %APPDATA%\CYZQZS.EXE
Type: Registry Run
Item Name: Cyzqzs.exe
Author: Unknown
Related File: %APPDATA%\CYZQZS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 2
X11.EXE is known as:
Trojan.Buzus, Trojan.CoinMiner, Worm.Dorkbot, Trojan.OneX
X11.EXE hash:
- MD5: 50ff7516dca46a0aa88437d86a0155e9
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Cyzqzs: “%Appdata%\Cyzqzs.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DXX Registration: “%Appdata%\regsrv67.exe”
- %Appdata%\1.exe
- %Appdata%\3.exe
- %Appdata%\Cyzqzs.exe
- %Appdata%\regsrv67.exe
- %Startup%\x11.exe
VISIT.EXE is Backdoor Darkshell
The program VISIT.EXE is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the VISIT.EXE problem.
Malware Analysis of VISIT.EXE
Full path on a computer: %SysDir%\visit.exe
Detected by UnHackMe:
Item Name: visit
Author: Beijing Rising Information Technology Co., Ltd.
Related File: %SysDir%\visit.exe
Type: Auto Services
Removal Results: Success
Number of reboot: 1
VISIT.EXE is known as:
Backdoor.Darkshell, Backdoor.Yoddos, Trojan.SystemHijack
VISIT.EXE hash:
- MD5: b660d1af935d87f8cabe3a81f9d51e04
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VISIT\0000\Service: “visit”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_VISIT\0000\DeviceDesc: “Windows Help visit”
- HKLM\System\CurrentControlSet\Services\visit\ImagePath: “%SysDir%\visit.exe”
- HKLM\System\CurrentControlSet\Services\visit\DisplayName: “Windows Help visit”
- HKLM\System\CurrentControlSet\Services\visit\Description: “Windows Help System for X32 windows visit”
- %SysDir%\visit.exe
MSKSSRV.DLL is Rootkit ZeroAccess
Rootkit MSKSSRV.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of MSKSSRV.DLL may be a very difficult process.
You should use anti-rootkit software to fix the MSKSSRV.DLL problem.
Malware Analysis of MSKSSRV.DLL
Full path on a computer: %SysDir%\mskssrv.dll
Detected by RegRun Warrior:
MSKSSRV.DLL
Default location: %SysDir%\mskssrv.dll
Removal Results: Success
Number of reboot: 1
MSKSSRV.DLL is known as:
Rootkit.ZeroAccess, Trojan.Sirefef, Trojan.Agent
MSKSSRV.DLL hash:
- MD5: 11028c6a84a967070cb1286550f2058f
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ELBYDELAY\0000\Service: “elbydelay”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ELBYDELAY\0000\DeviceDesc: “Mdm”
- HKLM\System\CurrentControlSet\Services\elbydelay\Parameters\ServiceDll: “%systemroot%\system32\mskssrv.dll”
- HKLM\System\CurrentControlSet\Services\elbydelay\DisplayName: “Mdm”
- HKLM\System\CurrentControlSet\Services\elbydelay\Description: “Mdm”
- %WinDir%\$NtUninstallKB62478$
- %SysDir%\dds_trash_log.cmd
- %SysDir%\mskssrv.dll
HPDSKFLT.DLL is Rootkit ZeroAccess
Rootkit HPDSKFLT.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of HPDSKFLT.DLL may be a very difficult process.
You should use anti-rootkit software to fix the HPDSKFLT.DLL problem.
Malware Analysis of HPDSKFLT.DLL
Full path on a computer: %SysDir%\hpdskflt.dll
Detected by RegRun Warrior:
HPDSKFLT.DLL
Default location: %SysDir%\hpdskflt.dll
Removal Results: Success
Number of reboot: 1
HPDSKFLT.DLL is known as:
Rootkit.ZeroAccess, Trojan.Sirefef, Trojan.Agent, Backdoor.Maxplus
HPDSKFLT.DLL hash:
- MD5: 11028c6a84a967070cb1286550f2058f
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PDENGINE\0000\Service: “pdengine”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PDENGINE\0000\DeviceDesc: “CoachVc”
- HKLM\System\CurrentControlSet\Services\pdengine\Parameters\ServiceDll: “%systemroot%\system32\hpdskflt.dll”
- HKLM\System\CurrentControlSet\Services\pdengine\DisplayName: “CoachVc”
- HKLM\System\CurrentControlSet\Services\pdengine\Description: “CoachVc”
- %WinDir%\$NtUninstallKB62478$
- %SysDir%\dds_trash_log.cmd
- %SysDir%\hpdskflt.dll
ASWLSVC.DLL is Rootkit ZeroAccess
Rootkit ASWLSVC.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of ASWLSVC.DLL may be a very difficult process.
You should use anti-rootkit software to fix the ASWLSVC.DLL problem.
Malware Analysis of ASWLSVC.DLL
Full path on a computer: %SysDir%\aswlsvc.dll
Detected by RegRun Warrior:
ASWLSVC.DLL
Default location: %SysDir%\aswlsvc.dll
Removal Results: Success
Number of reboot: 1
ASWLSVC.DLL is known as:
Rootkit.ZeroAccess, Trojan.Sirefef, Trojan.Agent
ASWLSVC.DLL hash:
- MD5: 11028c6a84a967070cb1286550f2058f
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MSMFRAMEWORK\0000\Service: “msmframework”
- HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MSMFRAMEWORK\0000\DeviceDesc: “Roxliveshare”
- HKLM\System\CurrentControlSet\Services\msmframework\Parameters\ServiceDll: “%systemroot%\system32\aswlsvc.dll”
- HKLM\System\CurrentControlSet\Services\msmframework\DisplayName: “Roxliveshare”
- HKLM\System\CurrentControlSet\Services\msmframework\Description: “Roxliveshare”
- %WinDir%\$NtUninstallKB62478$
- %SysDir%\aswlsvc.dll
- %SysDir%\dds_trash_log.cmd
WINSCVR.EXE is Trojan Sisron
Is the file WINSCVR.EXE located on your computer? Then your computer is infected.
We suggest that you remove WINSCVR.EXE from your computer as soon as possible.
WINSCVR.EXE is a Trojan/Backdoor.
Kill the process WINSCVR.EXE and remove WINSCVR.EXE from Windows startup.
Malware Analysis of WINSCVR.EXE
Full path on a computer: %WinDir%\system\winscvr.exe
Detected by UnHackMe:
WINSCVR.EXE
Default location: %WinDir%\system\winscvr.exe
Removal Results: Success
Number of reboot: 1
WINSCVR.EXE is known as:
Trojan.Sisron, Trojan.DownLoader5, Trojan.VB, Trojan.Zbot
WINSCVR.EXE hash:
- MD5: 0153c336ddea0d54b11a13e4dd56ac90
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Winssrc: “"%WinDir%\system\winscvr.exe"”
- %WinDir%\system\winscvr.exe
QHIJKLMNO.BMP is Backdoor Farfli
The program QHIJKLMNO.BMP is used to covertly penetrate a PC and administer it remotely.
UnHackMe is recommended as a reliable program for fixing the QHIJKLMNO.BMP problem.
Malware Analysis of QHIJKLMNO.BMP
Full path on a computer: %Program Files%\Lhij\Qhijklmno.bmp
Detected by UnHackMe:
QHIJKLMNO.BMP
Default location: %Program Files%\Lhij\Qhijklmno.bmp
Removal Results: Success
Number of reboot: 1
QHIJKLMNO.BMP is known as:
Backdoor.Farfli
QHIJKLMNO.BMP hash:
- MD5: e74bdb24c825f9f9f509f691c3856846
- HKLM\System\CurrentControlSet\Services\Ghijkl Nopqrstu Wxy\Parameters\ServiceDll: “%Program Files%\Lhij\Qhijklmno.bmp”
- %Program Files%\Lhij
- %Program Files%\Lhij\Qhijklmno.bmp



