Malware Analysis and Removal http://greatis.com/blog Malware Analysis and Removal Mon, 20 May 2013 04:36:57 +0000 en hourly 1 http://wordpress.org/?v=3.1.3 SPD.EXE is Trojan MulDrop4 http://greatis.com/blog/how-to-remove-malware/spd-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/spd-exe.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/spd-exe.htm We checked some samples of SPD.EXE and detected the file SPD.EXE as threat.
Remove the SPD.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of SPD.EXE
Full path on a computer: %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\SPD.EXE

Detected by UnHackMe:

SPD.EXE
Default location: %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\SPD.EXE

Removal Results: Success
Number of reboot: 1

SPD.EXE is known as:

Trojan MulDrop4

How to quickly detect SPD.EXE presence?

Files:
  • %TEMP%\TMP-SETUP.EXE
  • %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\AFILE.VBS
  • %TEMP%\NSF6.TMP\INSTALLOPTIONS.DLL
  • %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\PTHREADGC2.DLL
  • %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\SPD.EXE

]]> http://greatis.com/blog/how-to-remove-malware/spd-exe.htm/feed 0 PRICEPEEP_1.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/pricepeep_1-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/pricepeep_1-exe.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/pricepeep_1-exe.htm We checked some samples of PRICEPEEP_1.EXE and detected the file PRICEPEEP_1.EXE as threat.
Remove the PRICEPEEP_1.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of PRICEPEEP_1.EXE
Full path on a computer: %TEMP%\PRICEPEEP_1.EXE

Detected by UnHackMe:

PRICEPEEP_1.EXE
Default location: %TEMP%\PRICEPEEP_1.EXE

Removal Results: Success
Number of reboot: 1

PRICEPEEP_1.EXE is known as:

Trojan Downloader

How to quickly detect PRICEPEEP_1.EXE presence?

Files:
  • %TEMP%\GLUPGRADE\STORAGE.JS
  • %TEMP%\GLUPGRADE\STATS.JS
  • %PROGRAMFILES%\PRICEPEEP\INSTALLER.ICO
  • %PROGRAMFILES%\PRICEPEEP\UNUTIL.EXE
  • %TEMP%\PRICEPEEP_1.EXE

]]> http://greatis.com/blog/how-to-remove-malware/pricepeep_1-exe.htm/feed 0 NOCRYPT.EXE is Trojan Killfiles http://greatis.com/blog/how-to-remove-malware/nocrypt-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/nocrypt-exe.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/nocrypt-exe.htm The file NOCRYPT.EXE is identified as a virus dropper.
The dropper NOCRYPT.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file NOCRYPT.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the NOCRYPT.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the NOCRYPT.EXE process and delete the file NOCRYPT.EXE.

Malware Analysis of NOCRYPT.EXE
Full path on a computer: %APPDATA%\NOCRYPT.EXE

Detected by UnHackMe:

NOCRYPT.EXE
Default location: %APPDATA%\NOCRYPT.EXE

Removal Results: Success
Number of reboot: 1

NOCRYPT.EXE is known as:

Trojan.Killfiles

How to quickly detect NOCRYPT.EXE presence?

Files:
  • %TEMP%\WER4050.DIR00\MANIFEST.TXT
  • %TEMP%\WER4050.DIR00\APPCOMPAT.TXT
  • %SYSTEMDRIVE%\SYSTEM VOLUME INFORMATION\_RESTORE{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\_FILELST.CFG
  • %SYSTEMDRIVE%\SYSTEM VOLUME INFORMATION\_RESTORE{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\DRIVETABLE.TXT
  • %APPDATA%\NOCRYPT.EXE

]]> http://greatis.com/blog/how-to-remove-malware/nocrypt-exe.htm/feed 0 MY VIDEOS.EXE is Trojan MulDrop4 http://greatis.com/blog/how-to-remove-malware/my-videos-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/my-videos-exe.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/my-videos-exe.htm The file MY VIDEOS.EXE is identified as a virus dropper.
The dropper MY VIDEOS.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file MY VIDEOS.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the MY VIDEOS.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the MY VIDEOS.EXE process and delete the file MY VIDEOS.EXE.

Malware Analysis of MY VIDEOS.EXE
Full path on a computer: %ALLUSERSPROFILE%\DOCUMENTS\MY VIDEOS\MY VIDEOS.EXE

Detected by UnHackMe:

MY VIDEOS.EXE
Default location: %ALLUSERSPROFILE%\DOCUMENTS\MY VIDEOS\MY VIDEOS.EXE

Removal Results: Success
Number of reboot: 1

MY VIDEOS.EXE is known as:

Trojan MulDrop4

How to quickly detect MY VIDEOS.EXE presence?

Files:
  • %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\MICROSOFT\MEDIA PLAYER\MEDIA PLAYER.EXE
  • %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\SYSTEMCERTIFICATES.EXE
  • %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\INTERNET EXPLORER.EXE
  • %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\APPLICATION DATA.EXE
  • %ALLUSERSPROFILE%\DOCUMENTS\MY VIDEOS\MY VIDEOS.EXE

]]> http://greatis.com/blog/how-to-remove-malware/my-videos-exe.htm/feed 0 LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/lahore-school-of-economics-student-girl-topless-hot-pics-pps.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/lahore-school-of-economics-student-girl-topless-hot-pics-pps.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/lahore-school-of-economics-student-girl-topless-hot-pics-pps.htm The file LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS is malware related.
You must delete the file LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS immediately!
Delete the file LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS without delay!
Kill the process LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS and remove LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS from the Windows startup.

Malware Analysis of LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS
Full path on a computer: %SYSDIR%\MACROMEDLE\LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS

Detected by UnHackMe:

LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS
Default location: %SYSDIR%\MACROMEDLE\LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS

Removal Results: Success
Number of reboot: 1

LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS is known as:

Trojan Downloader

How to quickly detect LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS presence?

Files:
  • %SYSDIR%\MACROMEDLE\SPOOLSV.EXE
  • %SYSDIR%\MACROMEDLE\FTPBACKUP-2012-10-23.LOG
  • %COMMON APPDATA%\MICROSOFT\CRYPTO\RSA\S-1-5-18\6D14E4B1D8CA773BAB785D1BE032546E_23EF5514-3059-436F-A4A7-4CEFAAB20EB1
  • %SYSDIR%\MACROMEDLE\FTPBACKUP.CONFIG
  • %SYSDIR%\MACROMEDLE\LAHORE SCHOOL OF ECONOMICS STUDENT GIRL TOPLESS HOT PICS.PPS

]]> http://greatis.com/blog/how-to-remove-malware/lahore-school-of-economics-student-girl-topless-hot-pics-pps.htm/feed 0 JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE is Trojan AVKill http://greatis.com/blog/how-to-remove-malware/javatm-platform-se-auto-updater-2-0-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/javatm-platform-se-auto-updater-2-0-exe.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/javatm-platform-se-auto-updater-2-0-exe.htm The file JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE is malware related.
You must delete the file JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE immediately!
Delete the file JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE without delay!
Kill the process JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE and remove JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE from the Windows startup.

Malware Analysis of JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE
Full path on a computer: %APPDATA%\JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE

Detected by UnHackMe:

JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE
Default location: %APPDATA%\JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE

Removal Results: Success
Number of reboot: 1

JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE is known as:

Trojan AVKill

How to quickly detect JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE presence?

Files:
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\0QF2I[1]
  • %APPDATA%\JAVA(TM) PLATFORM SE AUTO UPDATER 2 0.EXE

]]> http://greatis.com/blog/how-to-remove-malware/javatm-platform-se-auto-updater-2-0-exe.htm/feed 0 CASTING.DLL is Trojan Click http://greatis.com/blog/how-to-remove-malware/casting-dll.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/casting-dll.htm#comments Mon, 20 May 2013 04:36:57 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/casting-dll.htm We checked up the file CASTING.DLL and found it hazardous.
The file CASTING.DLL must be deleted from the system immediately.
Kill the process CASTING.DLL and remove CASTING.DLL from the Windows startup.

Malware Analysis of CASTING.DLL
Full path on a computer: %WINDIR%\CASTING.DLL

Detected by UnHackMe:

CASTING.DLL
Default location: %WINDIR%\CASTING.DLL

Removal Results: Success
Number of reboot: 1

CASTING.DLL is known as:

Trojan Click

How to quickly detect CASTING.DLL presence?

Files:
  • %PROFILE%\ALPHAF.DLL
  • %WINDIR%\CASTING.DLL
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\NOTIFY[1].PHP
  • %PROFILE%\TMP.VBE

]]> http://greatis.com/blog/how-to-remove-malware/casting-dll.htm/feed 0 TNT2USER.EXE is Trojan Barys http://greatis.com/blog/how-to-remove-malware/tnt2user-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/tnt2user-exe.htm#comments Sun, 19 May 2013 17:10:40 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/tnt2user-exe.htm We checked some samples of TNT2USER.EXE and detected the file TNT2USER.EXE as threat.
Remove the TNT2USER.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of TNT2USER.EXE
Full path on a computer: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Detected by UnHackMe:

TNT2USER.EXE
Default location: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Removal Results: Success
Number of reboot: 1

TNT2USER.EXE is known as:

Trojan.Barys

TNT2USER.EXE hash:

  • MD5: c89c47f425982d3d5100857af83939c1
How to quickly detect TNT2USER.EXE presence?

Registry:
  • HKLM\Software\Classes\xmlfile\shell\Open\command\: “”%Program Files%\Internet Explorer\IEXPLORE.EXE” -nohome”
  • HKLM\Software\Classes\xslfile\shell\Open\command\: “”%Program Files%\Internet Explorer\IEXPLORE.EXE” -nohome”
Folders:
  • %Local Appdata%\TNT2
  • %Local Appdata%\TNT2\2.0.0.1534
Files:
  • %Local Appdata%\TNT2\2.0.0.1534\Autorun.inf
  • %Local Appdata%\TNT2\2.0.0.1534\crx.tar
  • %Local Appdata%\TNT2\2.0.0.1534\ffassist.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\hmac.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\ie8starter.exe
  • %Local Appdata%\TNT2\2.0.0.1534\iehpr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\iestage2.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\INSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\log.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2Ghost.dll
  • %Local Appdata%\TNT2\2.0.0.1534\OldStyleSB.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\PARTNER.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\passport.dll
  • %Local Appdata%\TNT2\2.0.0.1534\passport64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch.htm
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm
  • %Local Appdata%\TNT2\2.0.0.1534\progress.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\regsvr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\RemoteSkin.wms
  • %Local Appdata%\TNT2\2.0.0.1534\sqlite.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\tnt2chrome.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TntMagicDel.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\UninstallDlg.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\untar.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UPDATE.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\xpi.tar
  • %Local Appdata%\TNT2\2.0.0.1534\zipunzip.1.dll

]]> http://greatis.com/blog/how-to-remove-malware/tnt2user-exe.htm/feed 0 WMINIT.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/wminit-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/wminit-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/wminit-exe.htm The file WMINIT.EXE is malware related.
You must delete the file WMINIT.EXE immediately!
Delete the file WMINIT.EXE without delay!
Kill the process WMINIT.EXE and remove WMINIT.EXE from the Windows startup.

Malware Analysis of WMINIT.EXE
Full path on a computer: %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE

Detected by UnHackMe:

WMINIT.EXE
Default location: %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE

Removal Results: Success
Number of reboot: 1

WMINIT.EXE is known as:

Trojan Downloader

How to quickly detect WMINIT.EXE presence?

Files:
  • %PROGRAM FILES COMMON%\SYSTEM\WMINIT.EXE
  • %PROGRAM FILES COMMON%\SYSTEM\WMINIT.DAT

]]> http://greatis.com/blog/how-to-remove-malware/wminit-exe.htm/feed 0 WINXPKEY.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/winxpkey-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/winxpkey-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/winxpkey-exe.htm We checked some samples of WINXPKEY.EXE and detected the file WINXPKEY.EXE as threat.
Remove the WINXPKEY.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of WINXPKEY.EXE
Full path on a computer: %SYSTEMDRIVE%\WINXPKEY.EXE

Detected by UnHackMe:

WINXPKEY.EXE
Default location: %SYSTEMDRIVE%\WINXPKEY.EXE

Removal Results: Success
Number of reboot: 1

WINXPKEY.EXE is known as:

Trojan Downloader

How to quickly detect WINXPKEY.EXE presence?

Files:
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KHMHGZ4F\H7H36D8000212102120102010210[1].PAC
  • %PROFILE%\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U98D4X8H\GERAR[1].PHP
  • %SYSTEMDRIVE%\MYINFECT.KEY
  • %SYSTEMDRIVE%\WINXPKEY.EXE

]]> http://greatis.com/blog/how-to-remove-malware/winxpkey-exe.htm/feed 0 SIMPDATA.TLB is Trojan Killfiles http://greatis.com/blog/how-to-remove-malware/simpdata-tlb.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/simpdata-tlb.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/simpdata-tlb.htm The file SIMPDATA.TLB is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete SIMPDATA.TLB we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of SIMPDATA.TLB
Full path on a computer: %WINDIR%\WIN7\SIMPDATA.TLB

Detected by UnHackMe:

SIMPDATA.TLB
Default location: %WINDIR%\WIN7\SIMPDATA.TLB

Removal Results: Success
Number of reboot: 1

SIMPDATA.TLB is known as:

Trojan.Killfiles

How to quickly detect SIMPDATA.TLB presence?

Files:
  • %WINDIR%\WIN7\MSPRIVS.DLL
  • %WINDIR%\WIN7\MSMMSP.DLL
  • %WINDIR%\WIN7\MSRLE32.DLL
  • %WINDIR%\WIN7\MSRALEGACY.TLB
  • %WINDIR%\WIN7\SIMPDATA.TLB

]]> http://greatis.com/blog/how-to-remove-malware/simpdata-tlb.htm/feed 0 PRIMNOG.DLL is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/primnog-dll.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/primnog-dll.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/primnog-dll.htm The file PRIMNOG.DLL is identified as a virus dropper.
The dropper PRIMNOG.DLL is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file PRIMNOG.DLL loads into the computer memory and tries to connect to the dangerous web site.
Usually the PRIMNOG.DLL dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the PRIMNOG.DLL process and delete the file PRIMNOG.DLL.

Malware Analysis of PRIMNOG.DLL
Full path on a computer: %LOCAL APPDATA%\PRIMNOG.DLL

Detected by UnHackMe:

PRIMNOG.DLL
Default location: %LOCAL APPDATA%\PRIMNOG.DLL

Removal Results: Success
Number of reboot: 1

PRIMNOG.DLL is known as:

Trojan Downloader

How to quickly detect PRIMNOG.DLL presence?

Files:
  • %LOCAL APPDATA%\PRIMNOG.DLL

]]> http://greatis.com/blog/how-to-remove-malware/primnog-dll.htm/feed 0 NOIR.ART is Trojan Siggen http://greatis.com/blog/how-to-remove-malware/noir-art.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/noir-art.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/noir-art.htm We checked up the file NOIR.ART and found it hazardous.
The file NOIR.ART must be deleted from the system immediately.
Kill the process NOIR.ART and remove NOIR.ART from the Windows startup.

Malware Analysis of NOIR.ART
Full path on a computer: %TEMP%\NOIR.ART

Detected by UnHackMe:

NOIR.ART
Default location: %TEMP%\NOIR.ART

Removal Results: Success
Number of reboot: 1

NOIR.ART is known as:

Trojan Siggen

How to quickly detect NOIR.ART presence?

Files:
  • %TEMP%\NOIR.ART
  • %TEMP%\AUT1.TMP

]]> http://greatis.com/blog/how-to-remove-malware/noir-art.htm/feed 0 MINERDINSTALL.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/minerdinstall-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/minerdinstall-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/minerdinstall-exe.htm The file MINERDINSTALL.EXE can destroy your system, thus making the computer to work abnormally.
MINERDINSTALL.EXE is a dangerous file.
RemoveMINERDINSTALL.EXE from your computer immediately.
Kill the process MINERDINSTALL.EXE and remove MINERDINSTALL.EXE from the Windows startup.

Malware Analysis of MINERDINSTALL.EXE
Full path on a computer: %TEMP%\RARSFX0\MINERDINSTALL.EXE

Detected by UnHackMe:

MINERDINSTALL.EXE
Default location: %TEMP%\RARSFX0\MINERDINSTALL.EXE

Removal Results: Success
Number of reboot: 1

MINERDINSTALL.EXE is known as:

Trojan Downloader

How to quickly detect MINERDINSTALL.EXE presence?

Files:
  • %PROGRAMFILES%\MINER\LIBCURL-4.DLL
  • %PROGRAMFILES%\MINER\LIBCURL.DLL
  • %PROGRAMFILES%\MINER\LIBEAY32.DLL
  • %PROGRAMFILES%\MINER\MINERDUNINSTALL.EXE
  • %TEMP%\RARSFX0\MINERDINSTALL.EXE

]]> http://greatis.com/blog/how-to-remove-malware/minerdinstall-exe.htm/feed 0 INS64.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/ins64-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/ins64-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/ins64-exe.htm We checked up the file INS64.EXE and found it hazardous.
The file INS64.EXE must be deleted from the system immediately.
Kill the process INS64.EXE and remove INS64.EXE from the Windows startup.

Malware Analysis of INS64.EXE
Full path on a computer: %TEMP%\INS\INS64.EXE

Detected by UnHackMe:

INS64.EXE
Default location: %TEMP%\INS\INS64.EXE

Removal Results: Success
Number of reboot: 1

INS64.EXE is known as:

Trojan Downloader

How to quickly detect INS64.EXE presence?

Files:
  • %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\24.ICO
  • %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\23.ICO
  • %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\27.ICO
  • %PROGRAMFILES%\BAIDU\TOOLBAR\IMG\3.ICO
  • %TEMP%\INS\INS64.EXE

]]> http://greatis.com/blog/how-to-remove-malware/ins64-exe.htm/feed 0 IASS.EXE is Trojan MulDrop4 http://greatis.com/blog/how-to-remove-malware/iass-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/iass-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/iass-exe.htm Is the file IASS.EXE located on your computer? Then your computer is infected.
We do suggest you should remove IASS.EXE from your computer as soon as possible.
IASS.EXE is Trojan/Backdoor.
Kill the process IASS.EXE and remove IASS.EXE from the Windows startup.

Malware Analysis of IASS.EXE
Full path on a computer: %SYSDIR%\IASS.EXE

Detected by UnHackMe:

IASS.EXE
Default location: %SYSDIR%\IASS.EXE

Removal Results: Success
Number of reboot: 1

IASS.EXE is known as:

Trojan MulDrop4

How to quickly detect IASS.EXE presence?

Files:
  • \XPDLL.DLL
  • %SYSDIR%\IASS.EXE

]]> http://greatis.com/blog/how-to-remove-malware/iass-exe.htm/feed 0 GXTHLDY.DLL is Trojan AVKill http://greatis.com/blog/how-to-remove-malware/gxthldy-dll.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/gxthldy-dll.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/gxthldy-dll.htm The file GXTHLDY.DLL is malware related.
You must delete the file GXTHLDY.DLL immediately!
Delete the file GXTHLDY.DLL without delay!
Kill the process GXTHLDY.DLL and remove GXTHLDY.DLL from the Windows startup.

Malware Analysis of GXTHLDY.DLL
Full path on a computer: %TEMP%\GXTHLDY\GXTHLDY.DLL

Detected by UnHackMe:

GXTHLDY.DLL
Default location: %TEMP%\GXTHLDY\GXTHLDY.DLL

Removal Results: Success
Number of reboot: 1

GXTHLDY.DLL is known as:

Trojan AVKill

How to quickly detect GXTHLDY.DLL presence?

Files:
  • %LOCAL APPDATA%\MOZILLA\MOZILLA\GXTHLDY.DLL
  • %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CJACMYCNQJ@CJACMYCNQJ.ORG.XPI
  • %TEMP%\GXTHLDY\GXTHLDY.DLL
  • %TEMP%\NSF2.TMP

]]> http://greatis.com/blog/how-to-remove-malware/gxthldy-dll.htm/feed 0 GOOGLEWORD.EXE is under review http://greatis.com/blog/unknown/googleword-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/unknown/googleword-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/googleword-exe.htm GOOGLEWORD.EXE is unknown, probably legitimate.
If the file GOOGLEWORD.EXE is located on your computer, download UnHackMe for free to fix the problem with GOOGLEWORD.EXE.

Malware Analysis of GOOGLEWORD.EXE
Full path on a computer: %SYSDIR%\GOOGLEWORD.EXE

Detected by UnHackMe:

GOOGLEWORD.EXE
Default location: %SYSDIR%\GOOGLEWORD.EXE

Removal Results: Success
Number of reboot: 1

GOOGLEWORD.EXE is known as:

Dialer.Netvision

How to quickly detect GOOGLEWORD.EXE presence?

Files:
  • %TEMP%\00019CD7.BAT
  • %SYSDIR%\GOOGLEWORD.EXE

]]> http://greatis.com/blog/unknown/googleword-exe.htm/feed 0 GAMELOGIN.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/gamelogin-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/gamelogin-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/gamelogin-exe.htm We checked up the file GAMELOGIN.EXE and found it hazardous.
The file GAMELOGIN.EXE must be deleted from the system immediately.
Kill the process GAMELOGIN.EXE and remove GAMELOGIN.EXE from the Windows startup.

Malware Analysis of GAMELOGIN.EXE
Full path on a computer: \GAMELOGIN.EXE

Detected by UnHackMe:

GAMELOGIN.EXE
Default location: \GAMELOGIN.EXE

Removal Results: Success
Number of reboot: 1

GAMELOGIN.EXE is known as:

Trojan Downloader

How to quickly detect GAMELOGIN.EXE presence?

Files:
  • \UPDATE.BAT
  • \WGET.EXE
  • \LOGIN.TXT
  • \UP.VBS
  • \GAMELOGIN.EXE

]]> http://greatis.com/blog/how-to-remove-malware/gamelogin-exe.htm/feed 0 FREE DOWNLOAD MANAGER793686.EXE is Adware InstallBrain http://greatis.com/blog/adware/free-download-manager793686-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/adware/free-download-manager793686-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/free-download-manager793686-exe.htm We received the file FREE DOWNLOAD MANAGER793686.EXE and detected that FREE DOWNLOAD MANAGER793686.EXE is not good.
FREE DOWNLOAD MANAGER793686.EXE is Adware. You should remove the file FREE DOWNLOAD MANAGER793686.EXE.
Kill the process FREE DOWNLOAD MANAGER793686.EXE and remove FREE DOWNLOAD MANAGER793686.EXE from Windows.

Malware Analysis of FREE DOWNLOAD MANAGER793686.EXE
Full path on a computer: %TEMP%\FREE DOWNLOAD MANAGER793686.EXE

Detected by UnHackMe:

FREE DOWNLOAD MANAGER793686.EXE
Default location: %TEMP%\FREE DOWNLOAD MANAGER793686.EXE

Removal Results: Success
Number of reboot: 1

FREE DOWNLOAD MANAGER793686.EXE is known as:

Adware InstallBrain

FREE DOWNLOAD MANAGER793686.EXE hash:

    MD5: E57A9AC74B271A8DAE166A25F0CFD4E9
How to quickly detect FREE DOWNLOAD MANAGER793686.EXE presence?

Files:
  • %TEMP%\FREE DOWNLOAD MANAGER793686.EXE

]]> http://greatis.com/blog/adware/free-download-manager793686-exe.htm/feed 0 FILEEXTHANDLER.EXE is Trojan UnwantedProgram http://greatis.com/blog/how-to-remove-malware/fileexthandler-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/fileexthandler-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/fileexthandler-exe.htm The file FILEEXTHANDLER.EXE can destroy your system, thus making the computer to work abnormally.
FILEEXTHANDLER.EXE is a dangerous file.
RemoveFILEEXTHANDLER.EXE from your computer immediately.
Kill the process FILEEXTHANDLER.EXE and remove FILEEXTHANDLER.EXE from the Windows startup.

Malware Analysis of FILEEXTHANDLER.EXE
Full path on a computer: %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE

Detected by UnHackMe:

FILEEXTHANDLER.EXE
Default location: %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE

Removal Results: Success
Number of reboot: 1

FILEEXTHANDLER.EXE is known as:

Trojan UnwantedProgram

How to quickly detect FILEEXTHANDLER.EXE presence?

Files:
  • %LOCAL APPDATA%\PC MIGHTYMAX 2012\DIAGNOSTICREPORTER.ICO
  • %LOCAL APPDATA%\PC MIGHTYMAX 2012\ELEVATEHELPER.EXE
  • %PROFILE%\START MENU\PROGRAMS\PC MIGHTYMAX 2012\PC MIGHTYMAX 2012.LNK
  • %LOCAL APPDATA%\PC MIGHTYMAX 2012\ICON.ICO
  • %LOCAL APPDATA%\PC MIGHTYMAX 2012\FILEEXTHANDLER.EXE

]]> http://greatis.com/blog/how-to-remove-malware/fileexthandler-exe.htm/feed 0 D3DX9_21.DLL is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/d3dx9_21-dll.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/d3dx9_21-dll.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/d3dx9_21-dll.htm The file D3DX9_21.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete D3DX9_21.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of D3DX9_21.DLL
Full path on a computer: %SYSDIR%\D3DX9_21.DLL

Detected by UnHackMe:

D3DX9_21.DLL
Default location: %SYSDIR%\D3DX9_21.DLL

Removal Results: Success
Number of reboot: 1

D3DX9_21.DLL is known as:

Trojan Downloader

How to quickly detect D3DX9_21.DLL presence?

Files:
  • %SYSDIR%\D3DX9_21.DLL
  • %LOCAL APPDATA%\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\6P5SDOMI\COCOADGSPY_CO19_KR[1]
  • %LOCAL APPDATA%\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BOWDBRP7\COCOAMSWINSCK_CO19_KR[1]
  • %SYSDIR%\MSWINSCK.OCX

]]> http://greatis.com/blog/how-to-remove-malware/d3dx9_21-dll.htm/feed 0 CRLS.EXE is Trojan Muldrop3 http://greatis.com/blog/how-to-remove-malware/crls-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/crls-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/crls-exe.htm The file CRLS.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete CRLS.EXE we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of CRLS.EXE
Full path on a computer: %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE

Detected by UnHackMe:

CRLS.EXE
Default location: %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE

Removal Results: Success
Number of reboot: 1

CRLS.EXE is known as:

Trojan.Muldrop3

How to quickly detect CRLS.EXE presence?

Files:
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI.EXE
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\BOTS\VINAVBAR.EXE
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI\_VTI_AUT.EXE
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\ISAPI\_VTI_ADM.EXE
  • %SYSTEMDRIVE%\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\SYSTEMCERTIFICATES\MY\CRLS.EXE

]]> http://greatis.com/blog/how-to-remove-malware/crls-exe.htm/feed 0 COOKIEMAN.EXE is Adware W3I http://greatis.com/blog/adware/cookieman-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/adware/cookieman-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/cookieman-exe.htm We received the file COOKIEMAN.EXE and detected that COOKIEMAN.EXE is not good.
COOKIEMAN.EXE is Adware. You should remove the file COOKIEMAN.EXE.
Kill the process COOKIEMAN.EXE and remove COOKIEMAN.EXE from Windows.

Malware Analysis of COOKIEMAN.EXE
Full path on a computer: %LOCAL APPDATA%LOW\COOKIEMAN.EXE

Detected by UnHackMe:

COOKIEMAN.EXE
Default location: %LOCAL APPDATA%LOW\COOKIEMAN.EXE

Removal Results: Success
Number of reboot: 1

COOKIEMAN.EXE is known as:

Adware.W3I

How to quickly detect COOKIEMAN.EXE presence?

Files:
  • %TEMP%\PKG_1112322080\DETECTIONRULES.DAT
  • %LOCAL APPDATA%LOW\COOKIEMAN.EXE
  • \DEVICE\HARDDISKVOLUME1\BOOT\BCD
  • \DEVICE\HARDDISKVOLUME1\BOOT\BCD.LOG

]]> http://greatis.com/blog/adware/cookieman-exe.htm/feed 0 COLOUS.EXE is Trojan FrauDrop http://greatis.com/blog/how-to-remove-malware/colous-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/colous-exe.htm#comments Sun, 19 May 2013 14:23:36 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/colous-exe.htm The file COLOUS.EXE can destroy your system, thus making the computer to work abnormally.
COLOUS.EXE is a dangerous file.
RemoveCOLOUS.EXE from your computer immediately.
Kill the process COLOUS.EXE and remove COLOUS.EXE from the Windows startup.

Malware Analysis of COLOUS.EXE
Full path on a computer: %WINDIR%\COLOUS.EXE

Detected by UnHackMe:

COLOUS.EXE
Default location: %WINDIR%\COLOUS.EXE

Removal Results: Success
Number of reboot: 1

COLOUS.EXE is known as:

Trojan FrauDrop

COLOUS.EXE hash:

    MD5: AD83AE05604B32C0380AD26E69CA50CD
How to quickly detect COLOUS.EXE presence?

Files:
  • C:\AT-DESTROYER.TXT
  • %TEMP%\17.TMP\AT-DESTROYER.BAT
  • %TEMP%\AT-DESTROYER\AT-DESTROYER.EXE
  • %WINDIR%\COLOUS.EXE

]]> http://greatis.com/blog/how-to-remove-malware/colous-exe.htm/feed 0 ACTIVEX1.BIN is Trojan SwfDrop http://greatis.com/blog/how-to-remove-malware/activex1-bin.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/activex1-bin.htm#comments Sun, 19 May 2013 14:23:35 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/activex1-bin.htm The file ACTIVEX1.BIN can destroy your system, thus making the computer to work abnormally.
ACTIVEX1.BIN is a dangerous file.
RemoveACTIVEX1.BIN from your computer immediately.
Kill the process ACTIVEX1.BIN and remove ACTIVEX1.BIN from the Windows startup.

Malware Analysis of ACTIVEX1.BIN
Full path on a computer: %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN

Detected by UnHackMe:

ACTIVEX1.BIN
Default location: %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN

Removal Results: Success
Number of reboot: 1

ACTIVEX1.BIN is known as:

Trojan SwfDrop

ACTIVEX1.BIN hash:

    MD5: E84119E5D1DBF340AA4F601ACBD82BA2
How to quickly detect ACTIVEX1.BIN presence?

Files:
  • %TEMP%\WORD\ACTIVEX\ACTIVEX1.BIN
  • %TEMP%\WORD\ACTIVEX\_RELS\ACTIVEX1.XML.RELS
  • %TEMP%\WORD\_RELS\DOCUMENT.XML.RELS
  • %TEMP%\_RELS\.RELS

]]> http://greatis.com/blog/how-to-remove-malware/activex1-bin.htm/feed 0 39EIPLUG.DLL is Adware FunWeb http://greatis.com/blog/adware/39eiplug-dll.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/adware/39eiplug-dll.htm#comments Sun, 19 May 2013 14:23:35 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/39eiplug-dll.htm We received the file 39EIPLUG.DLL and detected that 39EIPLUG.DLL is not good.
39EIPLUG.DLL is Adware. You should remove the file 39EIPLUG.DLL.
Kill the process 39EIPLUG.DLL and remove 39EIPLUG.DLL from Windows.

Malware Analysis of 39EIPLUG.DLL
Full path on a computer: %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL

Detected by UnHackMe:

39EIPLUG.DLL
Default location: %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL

Removal Results: Success
Number of reboot: 1

39EIPLUG.DLL is known as:

Adware FunWeb

39EIPLUG.DLL hash:

    MD5: FF65CDF22CCBD62B9D360DAD3220B41B
How to quickly detect 39EIPLUG.DLL presence?

Files:
  • %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EIPLUG.DLL
  • %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\39EZSETP.DLL
  • %PROGRAMFILES%\MAPSGALAXY_39EI\INSTALLR\1.BIN\NP39EISB.DLL

]]> http://greatis.com/blog/adware/39eiplug-dll.htm/feed 0 XF-MCCS6.EXE is Worm AMN http://greatis.com/blog/worm/xf-mccs6-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/worm/xf-mccs6-exe.htm#comments Sat, 18 May 2013 09:08:48 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/xf-mccs6-exe.htm The file XF-MCCS6.EXE is a computer worm.
The worm XF-MCCS6.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the XF-MCCS6.EXE problem as soon as possible!
Delete the file XF-MCCS6.EXE from all infected computers in your network.
Set up your network firewall against XF-MCCS6.EXE intervention.

Malware Analysis of XF-MCCS6.EXE
Full path on a computer: %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE

Detected by UnHackMe:

XF-MCCS6.EXE
Default location: %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE

Removal Results: Success
Number of reboot: 1

XF-MCCS6.EXE is known as:

Worm AMN

XF-MCCS6.EXE hash:

    MD5: 1AF76EF8857935EB1D8E46DC9CFE3729
How to quickly detect XF-MCCS6.EXE presence?

Files:
  • %TEMP%\CRACK-WINDOWS\DISABLE_ACTIVATION.CMD
  • %TEMP%\CRACK-WINDOWS\INSTALL.TXT
  • %TEMP%\CRACK-WINDOWS\README.TXT
  • %TEMP%\CRACK-WINDOWS\XF-MCCS6.EXE

]]> http://greatis.com/blog/worm/xf-mccs6-exe.htm/feed 0 VPSCONFIG.EXE is Trojan Downloader http://greatis.com/blog/how-to-remove-malware/vpsconfig-exe.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/how-to-remove-malware/vpsconfig-exe.htm#comments Sat, 18 May 2013 09:08:48 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/vpsconfig-exe.htm Is the file VPSCONFIG.EXE located on your computer? Then your computer is infected.
We do suggest you should remove VPSCONFIG.EXE from your computer as soon as possible.
VPSCONFIG.EXE is Trojan/Backdoor.
Kill the process VPSCONFIG.EXE and remove VPSCONFIG.EXE from the Windows startup.

Malware Analysis of VPSCONFIG.EXE
Full path on a computer: %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE

Detected by UnHackMe:

VPSCONFIG.EXE
Default location: %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE

Removal Results: Success
Number of reboot: 1

VPSCONFIG.EXE is known as:

Trojan Downloader

How to quickly detect VPSCONFIG.EXE presence?

Files:
  • %TEMP%\TMP3.TMP
  • %TEMP%\TMP3.TMP.BAT
  • %TEMP%\NSL2.TMP\NSISDL.DLL
  • %TEMP%\BIT4.TMP
  • %PROGRAMFILES%\NEWMEDIACODEC\VPSCONFIG.EXE

]]> http://greatis.com/blog/how-to-remove-malware/vpsconfig-exe.htm/feed 0 TRULER 120 GAMEZER.JAR is under review http://greatis.com/blog/unknown/truler-120-gamezer-jar.htm#utm_source=feed&utm_medium=feed&utm_campaign=feed http://greatis.com/blog/unknown/truler-120-gamezer-jar.htm#comments Sat, 18 May 2013 09:08:48 +0000 NightWatcher http://greatis.com/blog/how-to-remove-malware/truler-120-gamezer-jar.htm TRULER 120 GAMEZER.JAR is unknown, probably legitimate.
If the file TRULER 120 GAMEZER.JAR is located on your computer, download UnHackMe for free to fix the problem with TRULER 120 GAMEZER.JAR.

Malware Analysis of TRULER 120 GAMEZER.JAR
Full path on a computer: %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR

Detected by UnHackMe:

TRULER 120 GAMEZER.JAR
Default location: %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR

Removal Results: Success
Number of reboot: 1

TRULER 120 GAMEZER.JAR is known as:

Unknow

TRULER 120 GAMEZER.JAR hash:

    MD5: 998C8D43711A6112B5C8A527E9DB0A3B
How to quickly detect TRULER 120 GAMEZER.JAR presence?

Files:
  • %TEMP%\CRVA.EXE
  • %TEMP%\E4J8.TMP_DIR23867\EXE4JLIB.JAR
  • %TEMP%\E4J8.TMP_DIR23867\I4JDEL.EXE
  • %TEMP%\E4J8.TMP_DIR23867\TRULER 120 GAMEZER.JAR

]]> http://greatis.com/blog/unknown/truler-120-gamezer-jar.htm/feed 0