Restored: C:\WINDOWS\system32\appmgmts.dll

Dmitry Sokolov recommends UnHackMe!


UnHackMe quickly removes pop-up ads, search redirecting, browser hijack, spyware, keyloggers, PC slowdown issues. Download Now!

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


Share This:

Malware: 75.exe

—————————————————————————————————————————-

Restored:
C:\WINDOWS\system32\appmgmts.dll

—————————————————————————————————————————-
Detected by UnHackMe:


Your Vote?
0 0

Item Name: APPMGMTS.DLL
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL
Type: Infected System Files

The original APPMGMTS.DLL has been successfully restore using RegRun Warrior from the Windows installation CD.

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.05 Worm.Generic.229192
Kaspersky 7.0.0.125 2010.04.05 Trojan-Downloader.Win32.Agent.daxa
Microsoft 1.5605 2010.04.04 TrojanDropper:Win32/Jadtre.B
NOD32 4999 2010.04.04 Win32/AutoRun.AntiAV.T

—————————————————————————————————————————-
Additional information
File size: 249344 bytes
MD5 : 47db988d2201cda76a4ffb072328320c
SHA1 : bdbc41a0351e7a3d8eac937086307715c630dda3
SHA256: b68e9fd2463c85e7ed20efd9602e0cbacac6225ae9432a977380fcf970abc115
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys deleted:124
———————————-
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
/…/
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

———————————-
Keys added:67
———————————-
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe
/…/
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\?????ยค??.exe
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000

———————————-
Values deleted:122
———————————-
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\: “Human Interface Devices”
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\: “Volume”
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}\: “Floppy disk drive”
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}\: “System”
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}\: “SCSIAdapter”
/…/
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system\: “Driver Group”
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender\: “Driver Group”
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base\: “Driver Group”
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt\: “Service”
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD\: “Service”

———————————-
Values added:71
———————————-
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe\Debugger: 6E 74 73 64 20 2D 64
/…/
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe\Debugger: 6E 74 73 64 20 2D 64
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\Service: “Forter”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\0000\DeviceDesc: “Forter”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_FORTER\NextInstance: 0×00000001

———————————-
Values modified:2
———————————-
(-) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0×00000001
(+) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0×00000000
(-) HKLM\System\CurrentControlSet\Services\AppMgmt\Start: 0×00000003
(+) HKLM\System\CurrentControlSet\Services\AppMgmt\Start: 0×00000002

———————————-
Files added:1
———————————-
C:\Documents and Settings\NetworkService\Favorites\Desktop.ini

———————————-
Files deleted:1
———————————-
C:\sand-box\75.exe

———————————-
Files [attributes?] modified:5
———————————-
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\WINDOWS\system32\appmgmts.dll

———————————-
Folders added:1
———————————-
C:\Documents and Settings\NetworkService\Favorites

———————————-
Folders attributes changed:2
———————————-
C:\Documents and Settings\NetworkService\Local Settings\History
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

———————————-
Total changes:396
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!

Dmitry Sokolov - author of UnHackMe