YAEMU.EXE is Trojan DNSChanger

June 29, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

The file YAEMU.EXE is malware related.
Delete the file YAEMU.EXE immediately.
Kill the process YAEMU.EXE and remove YAEMU.EXE from the Windows startup.

Malware Analysis of YAEMU.EXE
Full path on a computer: %SysDir%\yaemu.exe

Detected by UnHackMe:

Item Name: hgqhp.exe
Author: Unknown
Related File: %SYSDIR%\HGQHP.EXE
Type: Registry Run

Item Name: {0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}
Author: This may cause redirecting to malicious sites
Current Setting: 69.50.184.86,85.255.112.9
Type: DNS Changer

Removal Results: Success
Number of reboot: 1

YAEMU.EXE is known as:

Trojan.DNSChanger

YAEMU.EXE hash:

  • MD5: 00aeb83eaeba8bbb4fb8d5736832b3b8

How to quickly detect the presence of YAEMU.EXE?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yaemu.exe: “%SysDir%\yaemu.exe”
  • HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44AC5DA9-58BE-4488-A4B4-8E8034659B7D}\NameServer: “”
  • HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44AC5DA9-58BE-4488-A4B4-8E8034659B7D}\Domain: “”
  • HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{44AC5DA9-58BE-4488-A4B4-8E8034659B7D}\NameServerList: 00 00

Files:
  • %SysDir%\yaemu.exe

Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by Malware Hunter.
