APCRTLDR.DLL is Trojan Downloader

: Solved!

You should Download Removal Tool here...

The file APCRTLDR.DLL is malware related.
You must delete the file APCRTLDR.DLL immediately!
Delete the file APCRTLDR.DLL without delay!
Kill the process APCRTLDR.DLL and remove APCRTLDR.DLL from the Windows startup.

Malware Analysis of APCRTLDR.DLL
Full path on a computer: %SYSTEM%\APCRTLDR.DLL

Detected by UnHackMe:

APCRTLDR.DLL
Default location: %SYSTEM%\APCRTLDR.DLL

Removal Results: Success
Number of reboot: 1

APCRTLDR.DLL is known as:

Trojan Downloader

APCRTLDR.DLL hash:

    MD5: 5BD590D27CE9267EABC3AF0CDC9416B5
How to quickly detect APCRTLDR.DLL presence?

Files:
  • %COMMONAPPDATA%\DATAMNGR\COORDINATOR.CFG
  • %COMMONAPPDATA%\DATAMNGR\GENERAL.CFG
  • %COMMONAPPDATA%\DATAMNGR\S-1-5-21-606747145-764733703-839522115-1003.CFG
  • %SYSTEM%\LIB\TEST\NULLCERT.PEM
  • %SYSTEM%\APCRTLDR.DLL


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

AUVSSPIO.DLL is Trojan Downloader

: Solved!

You should Download Removal Tool here...

Is the file AUVSSPIO.DLL located on your computer? Then your computer is infected.
We do suggest you should remove AUVSSPIO.DLL from your computer as soon as possible.
AUVSSPIO.DLL is Trojan/Backdoor.
Kill the process AUVSSPIO.DLL and remove AUVSSPIO.DLL from the Windows startup.

Malware Analysis of AUVSSPIO.DLL
Full path on a computer: %SYSDIR%\AUVSSPIO.DLL

Detected by UnHackMe:

AUVSSPIO.DLL
Default location: %SYSDIR%\AUVSSPIO.DLL

Removal Results: Success
Number of reboot: 1

AUVSSPIO.DLL is known as:

Trojan Downloader

How to quickly detect AUVSSPIO.DLL presence?

Files:
  • %SYSDIR%\WBEM\WSAVPSSPI.EXE
  • %SYSDIR%\WSOSONEMD.BD
  • %SYSDIR%\ADVSSPIO.DLL
  • %SYSDIR%\AUVSSPIO.DLL


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

DELPHINATIVE.DLL is Trojan Downloader

: Solved!

You should Download Removal Tool here...

The file DELPHINATIVE.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete DELPHINATIVE.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of DELPHINATIVE.DLL
Full path on a computer: %APPDATA%\INTELRAPIDSTART\DELPHINATIVE.DLL

Detected by UnHackMe:

DELPHINATIVE.DLL
Default location: %APPDATA%\INTELRAPIDSTART\DELPHINATIVE.DLL

Removal Results: Success
Number of reboot: 1

DELPHINATIVE.DLL is known as:

Trojan Downloader

How to quickly detect DELPHINATIVE.DLL presence?

Files:
  • %TEMP%\UTMP\TMFGZQZTHC7B4W3V
  • %TEMP%\UTMP\TNYRWUMJFQ1A8V3F
  • %TEMP%\UTMP\RFEBDAIWJI5A3Y9M
  • %TEMP%\UTMP\HDZHJZOXPJ9T0G5D
  • %APPDATA%\INTELRAPIDSTART\DELPHINATIVE.DLL


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

NEW FLOODER BY BADBUZZ TEAM.EXE is Trojan Muldrop5

: Solved!

You should Download Removal Tool here...

The file NEW FLOODER BY BADBUZZ TEAM.EXE is identified as a virus dropper.
The dropper NEW FLOODER BY BADBUZZ TEAM.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file NEW FLOODER BY BADBUZZ TEAM.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the NEW FLOODER BY BADBUZZ TEAM.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the NEW FLOODER BY BADBUZZ TEAM.EXE process and delete the file NEW FLOODER BY BADBUZZ TEAM.EXE.

Malware Analysis of NEW FLOODER BY BADBUZZ TEAM.EXE
Full path on a computer: %APPDATA%\MICROSOFT\WINDOWS\WIN32\NEW FLOODER BY BADBUZZ TEAM.EXE

Detected by UnHackMe:

NEW FLOODER BY BADBUZZ TEAM.EXE
Default location: %APPDATA%\MICROSOFT\WINDOWS\WIN32\NEW FLOODER BY BADBUZZ TEAM.EXE

Removal Results: Success
Number of reboot: 1

NEW FLOODER BY BADBUZZ TEAM.EXE is known as:

Trojan.Muldrop5

How to quickly detect NEW FLOODER BY BADBUZZ TEAM.EXE presence?

Files:
  • %TEMP%\DW.LOG
  • %TEMP%\307A2.DMP
  • %APPDATA%\MICROSOFT\WINDOWS\WIN32\NEW FLOODER BY BADBUZZ TEAM.EXE
  • %APPDATA%\MICROSOFT\WINDOWS\WIN32\HELP.TXT


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

TF2 ITEM ADDER.EXE is Trojan Pws

: Solved!

You should Download Removal Tool here...

Is the file TF2 ITEM ADDER.EXE located on your computer? Then your computer is infected.
We do suggest you should remove TF2 ITEM ADDER.EXE from your computer as soon as possible.
TF2 ITEM ADDER.EXE is Trojan/Backdoor.
Kill the process TF2 ITEM ADDER.EXE and remove TF2 ITEM ADDER.EXE from the Windows startup.

Malware Analysis of TF2 ITEM ADDER.EXE
Full path on a computer: %TEMP%\TF2 ITEM ADDER.EXE

Detected by UnHackMe:

TF2 ITEM ADDER.EXE
Default location: %TEMP%\TF2 ITEM ADDER.EXE

Removal Results: Success
Number of reboot: 1

TF2 ITEM ADDER.EXE is known as:

Trojan.Pws

How to quickly detect TF2 ITEM ADDER.EXE presence?

Files:
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\ACCOUNTS[1].COM&L=&P=
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\ACCOUNTS[1]
  • %APPDATA%MICROSOFT\SYSTEM\SERVICES\18.EXE
  • %TEMP%\ADDER.EXE
  • %TEMP%\TF2 ITEM ADDER.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

YING-UNINSTALL.EXE is Trojan MulDrop4

: Solved!

You should Download Removal Tool here...

We checked up the file YING-UNINSTALL.EXE and found it hazardous.
The file YING-UNINSTALL.EXE must be deleted from the system immediately.
Kill the process YING-UNINSTALL.EXE and remove YING-UNINSTALL.EXE from the Windows startup.

Malware Analysis of YING-UNINSTALL.EXE
Full path on a computer: %WINDIR%\YING-UNINSTALL.EXE

Detected by UnHackMe:

YING-UNINSTALL.EXE
Default location: %WINDIR%\YING-UNINSTALL.EXE

Removal Results: Success
Number of reboot: 1

YING-UNINSTALL.EXE is known as:

Trojan MulDrop4

How to quickly detect YING-UNINSTALL.EXE presence?

Files:
  • %PROFILE%\DESKTOP\A???EO±IEUµCAOE?OAAO?®?«??.LNK
  • %TEMP%\BT36153.BAT
  • %TEMP%\20121023004155562~YINGINSTALL-LANGUAGE.INI
  • %SYSDIR%\YINGINSTALL\409.INI
  • %WINDIR%\YING-UNINSTALL.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

000.VBS is Trojan AVKill

: Solved!

You should Download Removal Tool here...

The file 000.VBS can destroy your system, thus making the computer to work abnormally.
000.VBS is a dangerous file.
Remove000.VBS from your computer immediately.
Kill the process 000.VBS and remove 000.VBS from the Windows startup.

Malware Analysis of 000.VBS
Full path on a computer: %TEMP%\000.VBS

Detected by UnHackMe:

000.VBS
Default location: %TEMP%\000.VBS

Removal Results: Success
Number of reboot: 1

000.VBS is known as:

Trojan AVKill

How to quickly detect 000.VBS presence?

Files:
  • %TEMP%\000.VBS


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

ADF.LY BOT [X-CODE].EXE is Trojan Downloader

: Solved!

You should Download Removal Tool here...

Is the file ADF.LY BOT [X-CODE].EXE located on your computer? Then your computer is infected.
We do suggest you should remove ADF.LY BOT [X-CODE].EXE from your computer as soon as possible.
ADF.LY BOT [X-CODE].EXE is Trojan/Backdoor.
Kill the process ADF.LY BOT [X-CODE].EXE and remove ADF.LY BOT [X-CODE].EXE from the Windows startup.

Malware Analysis of ADF.LY BOT [X-CODE].EXE
Full path on a computer: %PROGRAMFILES%\ADF.LY BOT [X-CODE].EXE

Detected by UnHackMe:

ADF.LY BOT [X-CODE].EXE
Default location: %PROGRAMFILES%\ADF.LY BOT [X-CODE].EXE

Removal Results: Success
Number of reboot: 1

ADF.LY BOT [X-CODE].EXE is known as:

Trojan Downloader

How to quickly detect ADF.LY BOT [X-CODE].EXE presence?

Files:
  • %WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\SECURITY.CONFIG.CCH.NEW
  • %TEMP%\SYSTEM32.EXE
  • %WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\ENTERPRISESEC.CONFIG.CCH.NEW
  • %TEMP%\2CC00.DMP
  • %PROGRAMFILES%\ADF.LY BOT [X-CODE].EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

BLUESTACKS.EXE is Trojan Downloader

: Solved!

You should Download Removal Tool here...

We checked some samples of BLUESTACKS.EXE and detected the file BLUESTACKS.EXE as threat.
Remove the BLUESTACKS.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of BLUESTACKS.EXE
Full path on a computer: %WINDIR%\BLUESTACKS.EXE

Detected by UnHackMe:

BLUESTACKS.EXE
Default location: %WINDIR%\BLUESTACKS.EXE

Removal Results: Success
Number of reboot: 1

BLUESTACKS.EXE is known as:

Trojan Downloader

How to quickly detect BLUESTACKS.EXE presence?

Files:
  • %WINDIR%\WINBLOG0422_88E6680F\SERVERLOGS\%USERNAME%\20-04-2013
  • %WINDIR%\BLUESTACKS.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

DWIN.DLL is Trojan Click

: Solved!

You should Download Removal Tool here...

The file DWIN.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete DWIN.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of DWIN.DLL
Full path on a computer: %SYSDIR%\DWIN.DLL

Detected by UnHackMe:

DWIN.DLL
Default location: %SYSDIR%\DWIN.DLL

Removal Results: Success
Number of reboot: 1

DWIN.DLL is known as:

Trojan Click

How to quickly detect DWIN.DLL presence?

Files:
  • %WINDIR%\DATWIN.DAT
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\CNT[1].PHP
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2VAZY7AN\PRO[1].PHP
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\DATWIN[1].DAT
  • %SYSDIR%\DWIN.DLL


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

MILKCONSTART.EXE is Adware KrAdword.63568

: Solved!

You should Download Removal Tool here...

We received the file MILKCONSTART.EXE and detected that MILKCONSTART.EXE is not good.
MILKCONSTART.EXE is Adware. You should remove the file MILKCONSTART.EXE.
Kill the process MILKCONSTART.EXE and remove MILKCONSTART.EXE from Windows.

Malware Analysis of MILKCONSTART.EXE
Full path on a computer: C:\HSNET\Milkcon\Release\MilkconStart.exe

Detected by UnHackMe:

MILKCONSTART.EXE
Default location: C:\HSNET\Milkcon\Release\MilkconStart.exe

Removal Results: Success
Number of reboot: 1

MILKCONSTART.EXE is known as:

Adware.KrAdword.63568

MILKCONSTART.EXE hash:

  • MD5: e48a370ad58e5784c8bb67e0d58ab26f
The file tries to connect to the dangerous web site.
How to quickly detect MILKCONSTART.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Milkcon\DisplayName: “Milkcon 1.0″
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Milkcon\UninstallString: “C:\HSNET\Milkcon\uninst.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Milkcon: “C:\HSNET\Milkcon\Release\MilkconStart.exe”
Folders:
  • %Common Startmenu%\Programs\Milkcon
  • C:\HSNET
  • C:\HSNET\Milkcon
  • C:\HSNET\Milkcon\ext
  • C:\HSNET\Milkcon\img
  • C:\HSNET\Milkcon\log
  • C:\HSNET\Milkcon\props
  • C:\HSNET\Milkcon\Release
Files:
  • %Common Desktopdirectory%\Milkcon.lnk
  • %Common Startmenu%\Programs\Milkcon\Milkcon Uninstall.lnk
  • %Common Startmenu%\Programs\Milkcon\Milkcon.lnk
  • C:\HSNET\Milkcon\ext\Install.exe
  • C:\HSNET\Milkcon\ext\Interop.IWshRuntimeLibrary.dll
  • C:\HSNET\Milkcon\ext\log4net.dll
  • C:\HSNET\Milkcon\ext\MilkconUpdateKnown.exe
  • C:\HSNET\Milkcon\ext\MilkconUpdateUnknown.exe
  • C:\HSNET\Milkcon\ext\UnInstall.exe
  • C:\HSNET\Milkcon\img\close.png
  • C:\HSNET\Milkcon\img\close_toast.png
  • C:\HSNET\Milkcon\img\DesktopMgr.ico
  • C:\HSNET\Milkcon\img\DesktopMgr.png
  • C:\HSNET\Milkcon\img\min.png
  • C:\HSNET\Milkcon\img\more.png
  • C:\HSNET\Milkcon\img\more_close.png
  • C:\HSNET\Milkcon\img\new.png
  • C:\HSNET\Milkcon\img\save.png
  • C:\HSNET\Milkcon\img\setting.png
  • C:\HSNET\Milkcon\img\uninstall.ico
  • C:\HSNET\Milkcon\img\up.png
  • C:\HSNET\Milkcon\log\logfile.2014-04-10.log
  • C:\HSNET\Milkcon\props\DesktopMgr.ini
  • C:\HSNET\Milkcon\props\log4net.xml
  • C:\HSNET\Milkcon\Release\Interop.IWshRuntimeLibrary.dll
  • C:\HSNET\Milkcon\Release\log4net.dll
  • C:\HSNET\Milkcon\Release\Milkcon.exe
  • C:\HSNET\Milkcon\Release\MilkconCheck.exe
  • C:\HSNET\Milkcon\Release\MilkconStart.exe
  • C:\HSNET\Milkcon\uninst.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

NSISFILE.DLL is Trojan Downloader

: Solved!

You should Download Removal Tool here...

The file NSISFILE.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete NSISFILE.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of NSISFILE.DLL
Full path on a computer: %TEMP%\NSV4.TMP\NSISFILE.DLL

Detected by UnHackMe:

NSISFILE.DLL
Default location: %TEMP%\NSV4.TMP\NSISFILE.DLL

Removal Results: Success
Number of reboot: 1

NSISFILE.DLL is known as:

Trojan Downloader

How to quickly detect NSISFILE.DLL presence?

Files:
  • %PROGRAM FILES COMMON%\YAZZLE1848OINADMIN.EXE
  • %TEMP%\MSHTML2.EXE
  • %TEMP%\GUQF296\VNK.EXE
  • %TEMP%\NSV4.TMP\NSISFILE.DLL


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

SPEECHENGINES.EXE is Trojan Siggen

: Solved!

You should Download Removal Tool here...

The file SPEECHENGINES.EXE is identified as a virus dropper.
The dropper SPEECHENGINES.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file SPEECHENGINES.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the SPEECHENGINES.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the SPEECHENGINES.EXE process and delete the file SPEECHENGINES.EXE.

Malware Analysis of SPEECHENGINES.EXE
Full path on a computer: %PROGRAM FILES COMMON%\SPEECHENGINES.EXE

Detected by UnHackMe:

SPEECHENGINES.EXE
Default location: %PROGRAM FILES COMMON%\SPEECHENGINES.EXE

Removal Results: Success
Number of reboot: 1

SPEECHENGINES.EXE is known as:

Trojan Siggen

How to quickly detect SPEECHENGINES.EXE presence?

Files:
  • %PROGRAMFILES%\MOVIE MAKER\SHARED\SHARED.EXE
  • %PROGRAMFILES%\MSBUILD\MICROSOFT.EXE
  • %PROGRAMFILES%\MOVIE MAKER\MUI\MUI.EXE
  • %PROGRAMFILES%\MOVIE MAKER\SHARED.EXE
  • %PROGRAM FILES COMMON%\SPEECHENGINES.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

VIDEOPLAYBACK.EXE is Trojan MulDrop4

: Solved!

You should Download Removal Tool here...

The file VIDEOPLAYBACK.EXE is identified as a virus dropper.
The dropper VIDEOPLAYBACK.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file VIDEOPLAYBACK.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the VIDEOPLAYBACK.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the VIDEOPLAYBACK.EXE process and delete the file VIDEOPLAYBACK.EXE.

Malware Analysis of VIDEOPLAYBACK.EXE
Full path on a computer: %TEMP%\VIDEOPLAYBACK.EXE

Detected by UnHackMe:

VIDEOPLAYBACK.EXE
Default location: %TEMP%\VIDEOPLAYBACK.EXE

Removal Results: Success
Number of reboot: 1

VIDEOPLAYBACK.EXE is known as:

Trojan MulDrop4

How to quickly detect VIDEOPLAYBACK.EXE presence?

Files:
  • %COMMON APPDATA%\CSRES.EXE
  • %PROFILE%\DESKTOP\ABIRDS.LNK
  • %COMMON APPDATA%\VIDEOPLAYBACK.EXE
  • %COMMON APPDATA%\EGG.EXE
  • %TEMP%\VIDEOPLAYBACK.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

WERA.EXE is Trojan Downloader

: Solved!

You should Download Removal Tool here...

The file WERA.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete WERA.EXE we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of WERA.EXE
Full path on a computer: %SYSDIR%\WERA.EXE

Detected by UnHackMe:

WERA.EXE
Default location: %SYSDIR%\WERA.EXE

Removal Results: Success
Number of reboot: 1

WERA.EXE is known as:

Trojan Downloader

How to quickly detect WERA.EXE presence?

Files:
  • %SYSDIR%\WERA.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

WMISYM.EXE is Backdoor Irc

: Solved!

You should Download Removal Tool here...

The program WMISYM.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with WMISYM.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of WMISYM.EXE
Full path on a computer: %WINDIR%\SYSTEM\WMISYM.EXE

Detected by UnHackMe:

WMISYM.EXE
Default location: %WINDIR%\SYSTEM\WMISYM.EXE

Removal Results: Success
Number of reboot: 1

WMISYM.EXE is known as:

Backdoor.Irc

How to quickly detect WMISYM.EXE presence?

Files:
  • %WINDIR%\SYSTEM\WMISYM.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

XUNLEI.EXE is Trojan MulDrop4

: Solved!

You should Download Removal Tool here...

The file XUNLEI.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete XUNLEI.EXE we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of XUNLEI.EXE
Full path on a computer: %WINDIR%\WEB\XUNLEI.EXE

Detected by UnHackMe:

XUNLEI.EXE
Default location: %WINDIR%\WEB\XUNLEI.EXE

Removal Results: Success
Number of reboot: 1

XUNLEI.EXE is known as:

Trojan MulDrop4

How to quickly detect XUNLEI.EXE presence?

Files:
  • %SYSDIR%\WBEM\AUTORECOVER\C8463ECBE33BC240263A0B094E46D510.MOF
  • %TEMP%\TMP3.TMP
  • %SYSDIR%\WBEM\AUTORECOVER\23BDE61F1F4FACE17E9B0C01F2A1FD9B.MOF
  • %TEMP%\TMP4.TMP
  • %WINDIR%\WEB\XUNLEI.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

FZGT.EXE is Backdoor Agent.dgnm

: Solved!

You should Download Removal Tool here...

The program FZGT.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with FZGT.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of FZGT.EXE
Full path on a computer: %SysDir%\fzgt.exe

Detected by UnHackMe:

Item Name: up_serv
Author:
Current Setting: %SysDir%\fzgt.exe
Type: Auto Services

Item Name: fzgt.exe
Author: Unknown
Related File: %SYSDIR%\FZGT.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

FZGT.EXE is known as:

Backdoor.Agent.dgnm, Win32.Backdoor.087

FZGT.EXE hash:

  • MD5: 320e7dff7cc10f1f145743b97140774c
How to quickly detect FZGT.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\up_serv\ImagePath: “%SysDir%\fzgt.exe”
  • HKLM\System\CurrentControlSet\Services\up_serv\DisplayName: “wpupserv”
Files:
  • %SysDir%\fzgt.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Yula

: Solved!

You should Download Removal Tool here...

Yula is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove Yula extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by Yula.
Yula is related to: Adware, Search Redirecting.


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

UTUobEAdaBlock

: Solved!

You should Download Removal Tool here...

UTUobEAdaBlock is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove UTUobEAdaBlock extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by UTUobEAdaBlock.
UTUobEAdaBlock is related to: Adware, Search Redirecting.


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

TuubeAAdblocKeerr

: Solved!

You should Download Removal Tool here...

TuubeAAdblocKeerr is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove TuubeAAdblocKeerr extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by TuubeAAdblocKeerr.
TuubeAAdblocKeerr is related to: Adware, Search Redirecting.


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

TubeAudBlockker

: Solved!

You should Download Removal Tool here...

TubeAudBlockker is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove TubeAudBlockker extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by TubeAudBlockker.
TubeAudBlockker is related to: Adware, Search Redirecting.


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

AUDIOC0DEC.EXE is Trojan Xtrat.et

: Solved!

You should Download Removal Tool here...

The file AUDIOC0DEC.EXE is identified as a virus dropper.
The dropper AUDIOC0DEC.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file AUDIOC0DEC.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the AUDIOC0DEC.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the AUDIOC0DEC.EXE process and delete the file AUDIOC0DEC.EXE.

Malware Analysis of AUDIOC0DEC.EXE
Full path on a computer: %Appdata%\Realtek\AudioC0dec.exe

Detected by UnHackMe:

AUDIOC0DEC.EXE
Default location: %Appdata%\Realtek\AudioC0dec.exe

Removal Results: Success
Number of reboot: 1

AUDIOC0DEC.EXE is known as:

Trojan.Xtrat.et, Win32.Remtasu.U

AUDIOC0DEC.EXE hash:

  • MD5: 39a5bfb82e07fe6d2b4f0b61e521208b
The file tries to connect to the dangerous web site.
How to quickly detect AUDIOC0DEC.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HKLM: “%Profile%\cSw34Ot\vbc.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: “%Profile%\cSw34Ot\vbc.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\oIv63Wd: “C:\DOCUME~1\ADMINI~1\cSw34Ot\vbc.exe”
Folders:
  • %Appdata%\Microsoft\Windows\jckptVXlgk
  • %Appdata%\Realtek
  • %Profile%\cSw34Ot
Files:
  • %Appdata%\Microsoft\Windows\jckptVXlgk\jckptVXlgk.dat
  • %Appdata%\Microsoft\Windows\jckptVXlgk\jckptVXlgk.nfo
  • %Appdata%\Microsoft\Windows\jckptVXlgk\jckptVXlgk.svr
  • %Appdata%\Realtek\AudioC0dec.exe
  • %Profile%\cSw34Ot\gYk.izv
  • %Profile%\cSw34Ot\vbc.exe
  • %Profile%\fIk21Os.SU7


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

GIU.SYS is Trojan Urelas.AC

: Solved!

You should Download Removal Tool here...

We checked some samples of GIU.SYS and detected the file GIU.SYS as threat.
Remove the GIU.SYS file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of GIU.SYS
Full path on a computer: %SysDir%\drivers\giu.sys

Detected by RegRun Warrior:

Item Name: My_DriverLinkName_test
Author:
Related File: %SYSDIR%\DRIVERS\GIU.SYS
Type: Drivers

Removal Results: Success
Number of reboot: 1

GIU.SYS is known as:

Trojan.Urelas.AC

GIU.SYS hash:

  • MD5: 2348b83571e6fede8fbbefe54d7a5891
How to quickly detect GIU.SYS presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\My_DriverLinkName_test\ImagePath: “\??\%SysDir%\drivers\giu.sys”
  • HKLM\System\CurrentControlSet\Services\My_DriverLinkName_test\DisplayName: “My_DriverLinkName_test”
Folders:
  • %Temp%\tmp.67I
Files:
  • %Temp%\TextLog.dat
  • %Temp%\tmp.67I\explorer_NBA.tgs
  • %SysDir%\drivers\giu.sys


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

MDWHUZMXV.VBS is Trojan Downloader

: Solved!

You should Download Removal Tool here...

The file MDWHUZMXV.VBS is malware related.
You must delete the file MDWHUZMXV.VBS immediately!
Delete the file MDWHUZMXV.VBS without delay!
Kill the process MDWHUZMXV.VBS and remove MDWHUZMXV.VBS from the Windows startup.

Malware Analysis of MDWHUZMXV.VBS
Full path on a computer: %TEMP%\MDWHUZMXV.VBS

Detected by UnHackMe:

MDWHUZMXV.VBS
Default location: %TEMP%\MDWHUZMXV.VBS

Removal Results: Success
Number of reboot: 1

MDWHUZMXV.VBS is known as:

Trojan Downloader

How to quickly detect MDWHUZMXV.VBS presence?

Files:
  • %TEMP%\RUNRESULT.TMP
  • %TEMP%\LANGUAGE\ENGLISH.LANG
  • %TEMP%\ADDNAPAUQUS.EXE
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\SERVER108[1].EXE
  • %TEMP%\MDWHUZMXV.VBS


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

MVSBSPNJ.EXE is Trojan Packed

: Solved!

You should Download Removal Tool here...

Is the file MVSBSPNJ.EXE located on your computer? Then your computer is infected.
We do suggest you should remove MVSBSPNJ.EXE from your computer as soon as possible.
MVSBSPNJ.EXE is Trojan/Backdoor.
Kill the process MVSBSPNJ.EXE and remove MVSBSPNJ.EXE from the Windows startup.

Malware Analysis of MVSBSPNJ.EXE
Full path on a computer: %PROFILE%\MVSBSPNJ.EXE

Detected by UnHackMe:

MVSBSPNJ.EXE
Default location: %PROFILE%\MVSBSPNJ.EXE

Removal Results: Success
Number of reboot: 1

MVSBSPNJ.EXE is known as:

Trojan.Packed

How to quickly detect MVSBSPNJ.EXE presence?

Files:
  • %TEMP%\5732.BAT
  • %PROFILE%\MVSBSPNJ.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

NULUB.EXE is Trojan StartPage

: Solved!

You should Download Removal Tool here...

The file NULUB.EXE is malware related.
You must delete the file NULUB.EXE immediately!
Delete the file NULUB.EXE without delay!
Kill the process NULUB.EXE and remove NULUB.EXE from the Windows startup.

Malware Analysis of NULUB.EXE
Full path on a computer: %SYSDIR%\NULUB.EXE

Detected by UnHackMe:

NULUB.EXE
Default location: %SYSDIR%\NULUB.EXE

Removal Results: Success
Number of reboot: 1

NULUB.EXE is known as:

Trojan StartPage

How to quickly detect NULUB.EXE presence?

Files:
  • %TEMP%\_SANNUY.BAT
  • %TEMP%\KIUXQ.EXE
  • %TEMP%\GOLFINFO.INI
  • %SYSDIR%\NULUB.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

OCSETUPHLP.DLL is Adware OpenCandy

: Solved!

You should Download Removal Tool here...

We received the file OCSETUPHLP.DLL and detected that OCSETUPHLP.DLL is not good.
OCSETUPHLP.DLL is Adware. You should remove the file OCSETUPHLP.DLL.
Kill the process OCSETUPHLP.DLL and remove OCSETUPHLP.DLL from Windows.

Malware Analysis of OCSETUPHLP.DLL
Full path on a computer: %Program Files%\RealArcade\Installer\bin\OCSetupHlp.dll

Detected by UnHackMe:

OCSETUPHLP.DLL
Default location: %Program Files%\RealArcade\Installer\bin\OCSetupHlp.dll

Removal Results: Success
Number of reboot: 1

OCSETUPHLP.DLL is known as:

Adware.OpenCandy

OCSETUPHLP.DLL hash:

  • MD5: 4ec193b95cc7fa7efc42f3ae24858f5c
How to quickly detect OCSETUPHLP.DLL presence?

Registry:
  • HKLM\Software\Classes\CLSID\{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\GCHROME.dll”
  • HKLM\Software\Classes\CLSID\{5818813E-D53D-47A5-ABBB-37E2A07056B5}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\CLSID\{748744E8-6812-4F07-9F57-5F40395BDE65}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\CLSID\{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\CLSID\{C8F76629-E4F4-4646-AFC0-665082D167B1}\InprocServer32\: “%Program Files%\RealArcade\Installer\bin\InstallerDlg.dll”
  • HKLM\Software\Classes\RealArcade.rgi\shell\Open\command\: “”%Program Files%\RealArcade\Installer\bin\gameinstaller.exe” “%Program Files%\RealArcade\Installer\bin\..\installerMain.clf” “%1″”
  • HKLM\Software\Classes\RealArcade.rguninst\shell\Open\command\: “”%Program Files%\RealArcade\Installer\bin\gameinstaller.exe” “%Program Files%\RealArcade\Installer\bin\..\installerMain.clf” “%1″”
Folders:
  • %Program Files%\RealArcade
  • %Program Files%\RealArcade\Installer
  • %Program Files%\RealArcade\Installer\bin
  • %Program Files%\RealArcade\Installer\Extensions
  • %Program Files%\RealArcade\Installer\Resources
  • %Program Files%\RealArcade\Installer\Resources\zylom
  • %Program Files%\RealArcade\Installer\socket
  • %Program Files%\RealArcade\Installer\socket\mime
  • %Program Files%\RealArcade\Installer\socket\socket
Files:
  • %Temp%\installLog.txt
  • %Program Files%\RealArcade\Installer\bin\bstrapinstall.exe
  • %Program Files%\RealArcade\Installer\bin\gameinstaller.exe
  • %Program Files%\RealArcade\Installer\bin\gamewrapper.exe
  • %Program Files%\RealArcade\Installer\bin\gcapi_dll.dll
  • %Program Files%\RealArcade\Installer\bin\GCHROME.dll
  • %Program Files%\RealArcade\Installer\bin\gtapi_signed.dll
  • %Program Files%\RealArcade\Installer\bin\gtbCom.dll
  • %Program Files%\RealArcade\Installer\bin\InstallerDlg.dll
  • %Program Files%\RealArcade\Installer\bin\lua50.dll
  • %Program Files%\RealArcade\Installer\bin\luacom.dll
  • %Program Files%\RealArcade\Installer\bin\OCSetupHlp.dll
  • %Program Files%\RealArcade\Installer\bin\RAInstallerPaths.dll
  • %Program Files%\RealArcade\Installer\bin\ServerTransaction.dll
  • %Program Files%\RealArcade\Installer\bin\UnRar.exe
  • %Program Files%\RealArcade\Installer\blank.html
  • %Program Files%\RealArcade\Installer\blob
  • %Program Files%\RealArcade\Installer\compat-5.1.lua
  • %Program Files%\RealArcade\Installer\config.lua
  • %Program Files%\RealArcade\Installer\Extensions\CheckInstallChrome.clf
  • %Program Files%\RealArcade\Installer\Extensions\CheckInstallComcastGamesToolbar.clf
  • %Program Files%\RealArcade\Installer\Extensions\CheckInstallGoogleToolbar.clf
  • %Program Files%\RealArcade\Installer\Extensions\CheckInstallTwcDesktopWeather.clf
  • %Program Files%\RealArcade\Installer\installerMain.clf
  • %Program Files%\RealArcade\Installer\mrClean.clf
  • %Program Files%\RealArcade\Installer\Resources\zylom\spinner.gif
  • %Program Files%\RealArcade\Installer\Resources\zylom\wait.html
  • %Program Files%\RealArcade\Installer\Resources\zylom\waiting_bar.gif
  • %Program Files%\RealArcade\Installer\Resources\zylom\waiting_to_install.gif
  • %Program Files%\RealArcade\Installer\Resources\zylom\waiting_to_install2.gif
  • %Program Files%\RealArcade\Installer\Resources\zylom\waitProc.html
  • %Program Files%\RealArcade\Installer\socket\http.lua
  • %Program Files%\RealArcade\Installer\socket\ltn12.lua
  • %Program Files%\RealArcade\Installer\socket\mime\core.dll
  • %Program Files%\RealArcade\Installer\socket\mime.lua
  • %Program Files%\RealArcade\Installer\socket\socket\core.dll
  • %Program Files%\RealArcade\Installer\socket\socket.lua
  • %Program Files%\RealArcade\Installer\socket\url.lua
  • %Program Files%\RealArcade\Installer\tmp.xml
  • %Program Files%\RealArcade\Installer\wait.html
  • %Program Files%\RealArcade\Installer\waiting_bar.gif
  • %Program Files%\RealArcade\Installer\waiting_to_install.gif
  • %Program Files%\RealArcade\Installer\waitProc.html
  • %Program Files%\RealArcade\installLog.txt


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

OK.EXE is Trojan Keylogger

: Solved!

You should Download Removal Tool here...

The file OK.EXE is malware related.
You must delete the file OK.EXE immediately!
Delete the file OK.EXE without delay!
Kill the process OK.EXE and remove OK.EXE from the Windows startup.

Malware Analysis of OK.EXE
Full path on a computer: %TEMP%\IXP001.TMP\OK.EXE

Detected by UnHackMe:

OK.EXE
Default location: %TEMP%\IXP001.TMP\OK.EXE

Removal Results: Success
Number of reboot: 1

OK.EXE is known as:

Trojan.Keylogger

How to quickly detect OK.EXE presence?

Files:
  • %WINDIR%\CRHIAB.DAT
  • %WINDIR%\DMOFLO.DAT
  • %WINDIR%\UNINSTAL.BAT
  • %WINDIR%\SMSS.EXE
  • %TEMP%\IXP001.TMP\OK.EXE


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

OUTFOXTVUPDATER.EXE is Adware PUP.OutfoxTV

: Solved!

You should Download Removal Tool here...

We received the file OUTFOXTVUPDATER.EXE and detected that OUTFOXTVUPDATER.EXE is not good.
OUTFOXTVUPDATER.EXE is Adware. You should remove the file OUTFOXTVUPDATER.EXE.
Kill the process OUTFOXTVUPDATER.EXE and remove OUTFOXTVUPDATER.EXE from Windows.

Malware Analysis of OUTFOXTVUPDATER.EXE
Full path on a computer: %Program Files%\OutfoxTV\OutfoxTvUpdater.exe

Detected by UnHackMe:

Item Name: OutfoxTvUpdater
Author:
Current Setting: %Program Files%\OutfoxTV\OutfoxTvUpdater.exe
Type: Auto Services

Item Name: %PROGRAM FILES%\OUTFOXTV\
Author:
Current Setting: %PROGRAM FILES%\OUTFOXTV\
Type: Unwanted Software Files

Removal Results: Success
Number of reboot: 1

OUTFOXTVUPDATER.EXE is known as:

Adware.PUP.OutfoxTV

OUTFOXTVUPDATER.EXE hash:

  • MD5: c56f28ed5049a1d19a2c4bfa34303086
How to quickly detect OUTFOXTVUPDATER.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\OutfoxTvUpdater\ImagePath: “%Program Files%\OutfoxTV\OutfoxTvUpdater.exe”
  • HKLM\System\CurrentControlSet\Services\OutfoxTvUpdater\DisplayName: “OutfoxTvUpdater”
Folders:
  • %Program Files%\OutfoxTV
Files:
  • %Program Files%\OutfoxTV\OutfoxTvUpdater.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

« Previous PageNext Page »