Category Archives: Malware

W32.HfsReno.24d0

W32.HfsReno.24d0 is also known as Trojan/Win32.Genome.
Malware Analysis of W32.HfsReno.24d0
Created files:
%Program Files%\Temp\inpout32.dll
%Program Files%\Temp\lb.dll
%Program Files%\Temp\lbp.dll
%Program Files%\Temp\legal10.ttf
%Program Files%\Temp\legal15.ttf
Autostart registry keys:
HKLM\Software\Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InProcServer32\: “%SysDir%\MSVBVM60.DLL”
Detected by UnHackMe: LBP.DLL
Default location: %PROGRAM FILES%\TEMP\LBP.DLL
Dropper hash (MD5): 05a9d85764750d92d371f19a5e1ad012
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.…

PE:Malware.XPACK-HIE/Heur!1.9C48

PE:Malware.XPACK-HIE/Heur!1.9C48 is also known as Trojan.Agent.BDFO, Trojan.PWS.Panda.5676, Trojan/Win32.Agent.
Malware Analysis of PE:Malware.XPACK-HIE/Heur!1.9C48
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: TOEFA.EXE
Default location: %TEMP%\FABUZA\TOEFA.EXE
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is…

TR/Spy.ZBot.aau.246

TR/Spy.ZBot.aau.246 is also known as PE:Malware.XPACK-HIE/Heur!1.9C48, Zbot.JGV, Trojan.Agent.BDFO.
Malware Analysis of TR/Spy.ZBot.aau.246
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: TOEFA.EXE
Default location: %TEMP%\FABUZA\TOEFA.EXE
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is…

RDN/Generic PWS.y!zd

RDN/Generic PWS.y!zd is also known as Trojan.Win32.Inject.kqcu, Mal/Generic-S.
Malware Analysis of RDN/Generic PWS.y!zd
Created files:
%Temp%\OJTOK90.exe
C:\Documents and Settings\All Users\svchost.exe
Autostart registry keys:
HKLM\Software\Microsoft\Active Setup\Installed Components\{MX3KM146-QKPQ-22N1-8C62-UMI080L0N6SE}\StubPath: “”C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OJTOK90.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched: “C:\Documents and Settings\All Users\svchost.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update_msinfos: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OJTOK90.exe”
Detected by UnHackMe: OJTOK90.EXE
Default location: %TEMP%\OJTOK90.EXE
Dropper hash (MD5): 5dab9a6eac3ce8c2db80660f5f90adcf
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser…

TR/Agent.BDBT.1

TR/Agent.BDBT.1 is also known as Trojan.Agent.BDBT, TROJ_DLOADR.BDL, Trojan-Downloader ( 0049a2801 ).
Malware Analysis of TR/Agent.BDBT.1
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most…

Hoax.Foreign

Hoax.Foreign is also known as Trojan.Agent, Trojan:Win32/Emotet.A, Trojan-Ransom.Win32.Foreign.kusm.
Malware Analysis of Hoax.Foreign
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe…

RDN/Generic.bfr!he

RDN/Generic.bfr!he is also known as Trojan.Agent.BDBT, Trojan.Agent.BDBT, Trojan.Commofra.
Malware Analysis of RDN/Generic.bfr!he
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe…

Downloader.Generic13.CDYT

Downloader.Generic13.CDYT is also known as Trojan.Win32.Downloader.bAOJ, Trojan.Agent.
Malware Analysis of Downloader.Generic13.CDYT
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe is…

Kryptik.CDSJ

Kryptik.CDSJ is also known as Trojan/Win32.Downloader, Win32/Ransom.AHMeVCD, Troj/Ransom-AHN.
Malware Analysis of Kryptik.CDSJ
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe…

Win32/Spy.Agent.NYU

Win32/Spy.Agent.NYU is also known as RDN/Generic PWS.y!zd, TROJ_GEN.R03WH06E314, Trojan/Win32.Banki.
Malware Analysis of Win32/Spy.Agent.NYU
Created files:
%Temp%\OJTOK90.exe
C:\Documents and Settings\All Users\svchost.exe
Autostart registry keys:
HKLM\Software\Microsoft\Active Setup\Installed Components\{MX3KM146-QKPQ-22N1-8C62-UMI080L0N6SE}\StubPath: “”C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OJTOK90.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched: “C:\Documents and Settings\All Users\svchost.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update_msinfos: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OJTOK90.exe”
Detected by UnHackMe: OJTOK90.EXE
Default location: %TEMP%\OJTOK90.EXE
Dropper hash (MD5): 5dab9a6eac3ce8c2db80660f5f90adcf
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser…

Mal/NecurSys-A

Mal/NecurSys-A is also known as Trojan.GenericKD.1695734, Trojan[Rootkit]/Win32.Necurs, Trojan.GenericKD.1695734 (B).
Malware Analysis of Mal/NecurSys-A
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: 24E83E547F483B1C.SYS
Default location: %SYSDIR%\DRIVERS\24E83E547F483B1C.SYS
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe…

Generic Malware

Generic Malware is also known as TROJ_DLOADR.BDL, Trojan.Win32.Generic!BT, Downloader.Generic13.CDYT.
Malware Analysis of Generic Malware
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus…

Win32:Malware-gen

Win32:Malware-gen is also known as Trojan[Ransom]/Win32.Foreign, Kryptik.CDSJ, Trojan.DownLoader11.10009.
Malware Analysis of Win32:Malware-gen
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe…

Win32/Ransom.AHMeVCD

Win32/Ransom.AHMeVCD is also known as RDN/Generic.bfr!he, Trojan.Email.FakeDoc, Trojan.Malware.Obscu.Gen.002.
Malware Analysis of Win32/Ransom.AHMeVCD
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software. UnHackMe…

W32/Agent.AOJ!tr.dldr

W32/Agent.AOJ!tr.dldr is also known as Trojan.Agent.BDBT, Win32.Trojan.Foreign.Dwtj, Generic Malware.
Malware Analysis of W32/Agent.AOJ!tr.dldr
Created files:
%Appdata%\Microsoft\wrksock.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wrksock.exe: “%Appdata%\Microsoft\wrksock.exe”
Detected by UnHackMe: WRKSOCK.EXE
Default location: %APPDATA%\MICROSOFT\WRKSOCK.EXE
Dropper hash (MD5): 6ad4978da1ebcc5eb127117967605bde
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is compatible with most antivirus software.…

Crypt3.TIW

Crypt3.TIW is also known as Trojan[Rootkit]/Win32.Necurs, Trojan.GenericKD.1695734, Trojan.GenericKD.1695734.
Malware Analysis of Crypt3.TIW
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: 24E83E547F483B1C.SYS
Default location: %SYSDIR%\DRIVERS\24E83E547F483B1C.SYS
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is…

W32/Necurs.A!tr.rkit

W32/Necurs.A!tr.rkit is also known as Win32/TrojanDownloader.Necurs.A, Trojan.Win32.Generic!BT, Trojan.GenericKD.1695734.
Malware Analysis of W32/Necurs.A!tr.rkit
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: 24E83E547F483B1C.SYS
Default location: %SYSDIR%\DRIVERS\24E83E547F483B1C.SYS
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is…

HEUR/Malware.QVM00.Gen

HEUR/Malware.QVM00.Gen is also known as Trojan.GenericKD.1695734, Win32:Rootkit-gen [Rtk], W32/Necurs.A!tr.rkit.
Malware Analysis of HEUR/Malware.QVM00.Gen
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: 24E83E547F483B1C.SYS
Default location: %SYSDIR%\DRIVERS\24E83E547F483B1C.SYS
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe…

PUP.Optional.MultiPlug.A

Malware Analysis of PUP.Optional.MultiPlug.A
Created files:
%Program Files%\YoutubeAdblocker\Vpg8E.dll
%Program Files%\YoutubeAdblocker\Vpg8E.tlb
%Program Files%\YoutubeAdblocker\Vpg8E.x64.dll
%SysDir%\msxml3a.dll
%WinDir%\Tasks\SW_Booster-S-779027139.job
Autostart registry keys:
HKLM\Software\Classes\CLSID\{020D5105-06DE-4C30-BB9E-AFB9CE348554}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSMediaFormatSettings3.dll”
HKLM\Software\Classes\CLSID\{077C0A16-8AE9-4F61-A16C-0397E4A88014}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSFLVFile3.dll”
HKLM\Software\Classes\CLSID\{08694DC4-2D71-40B2-A428-8A4CCD5FBAE9}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSVideoCompress3.dll”
HKLM\Software\Classes\CLSID\{0A360E83-8238-4D10-A730-B1CC7DB0A073}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSSWFFile3.dll”
HKLM\Software\Classes\CLSID\{0BD8B7AC-B491-42ef-A34E-6DBBC0B1F573}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSCoreDW.dll”
HKLM\Software\Classes\CLSID\{0C068D82-534E-6791-04CC-BDE4FE475B2B}\InprocServer32\: “%Program Files%\YoutubeAdblocker\Vpg8E.dll”
HKLM\Software\Classes\CLSID\{0EB6B1F8-E170-45B0-882B-E1D833B15F63}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSDVDSubpicture.dll”
HKLM\Software\Classes\CLSID\{142B5713-0AA8-4d89-87CC-0AE636F381E9}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSMediaCore3.dll”
HKLM\Software\Classes\CLSID\{15757658-E866-49DE-8FDA-980C72757430}\InprocServer32\: “%Program Files Common%\AVSMedia\ActiveX\AVSIFOFiles.dll”
HKLM\Software\Classes\CLSID\{174EA295-730D-4132-A830-9C71ED225496}\InprocServer32\:…

Artemis!0B17DD039E8A

Artemis!0B17DD039E8A is also known as Trojan[Rootkit]/Win32.Necurs, HEUR/Malware.QVM00.Gen, Trojan.GenericKD.1695734.
Malware Analysis of Artemis!0B17DD039E8A
Created files:
%Temp%\Fabuza\toefa.exe
%Temp%\TJKD755.bat
%SysDir%\drivers\24e83e547f483b1c.sys
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\ImagePath: “\SystemRoot\System32\Drivers\24e83e547f483b1c.sys”
HKLM\System\CurrentControlSet\Services\24e83e547f483b1c\DisplayName: “toefa.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Toefa: “”%Temp%\Fabuza\toefa.exe””
Detected by UnHackMe: 24E83E547F483B1C.SYS
Default location: %SYSDIR%\DRIVERS\24E83E547F483B1C.SYS
Dropper hash (MD5): e281ef6855eca55f0e21ed2321102e02
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily. UnHackMe is…

Goobzo (fs)

Goobzo (fs) is also known as Malware.QVM10.Gen, Adware.Plugin.209.
Malware Analysis of Goobzo (fs)
Created files:
%Temp%\SAINST\YouTubeAccelerator.exe
%Temp%\SAINST\YouTubeAcceleratorService.exe
%Temp%\SAINST\YTAHelper.exe
%Temp%\SAINST\YTAHUninstall.exe
%Temp%\SAINST\ytalsp.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{AACB4436-8055-FBBC-F63D-DB347F3CEAC5}\InprocServer32\: “%SystemRoot%\system32\eapqec.dll”
HKLM\Software\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32\: “%Common Appdata%\YTAHelper\YTAHelper.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\DisplayName: “YouTube Accelerator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\UninstallString: “”%Program Files%\YouTube Accelerator\YTAUninstall.exe””
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\ImagePath: “C:\PROGRA~1\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm”
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\DisplayName: “YouTubeAcceleratorService”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoobzoYouTubeAccelerator: “”%Program Files%\YouTube Accelerator\YouTubeAccelerator.exe” /startup”…

Skodna.A8D

Skodna.A8D is also known as a variant of Win32/ShopperPro.A, Adware.Win32.ShopperPro.bA.
Malware Analysis of Skodna.A8D
Created files:
%Temp%\SAINST\YouTubeAccelerator.exe
%Temp%\SAINST\YouTubeAcceleratorService.exe
%Temp%\SAINST\YTAHelper.exe
%Temp%\SAINST\YTAHUninstall.exe
%Temp%\SAINST\ytalsp.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{AACB4436-8055-FBBC-F63D-DB347F3CEAC5}\InprocServer32\: “%SystemRoot%\system32\eapqec.dll”
HKLM\Software\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32\: “%Common Appdata%\YTAHelper\YTAHelper.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\DisplayName: “YouTube Accelerator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\UninstallString: “”%Program Files%\YouTube Accelerator\YTAUninstall.exe””
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\ImagePath: “C:\PROGRA~1\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm”
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\DisplayName: “YouTubeAcceleratorService”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoobzoYouTubeAccelerator: “”%Program Files%\YouTube Accelerator\YouTubeAccelerator.exe”…

Malware.QVM10.Gen

Malware.QVM10.Gen is also known as a variant of Win32/ShopperPro.A, Skodna.A8D.
Malware Analysis of Malware.QVM10.Gen
Created files:
%Temp%\SAINST\YouTubeAccelerator.exe
%Temp%\SAINST\YouTubeAcceleratorService.exe
%Temp%\SAINST\YTAHelper.exe
%Temp%\SAINST\YTAHUninstall.exe
%Temp%\SAINST\ytalsp.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{AACB4436-8055-FBBC-F63D-DB347F3CEAC5}\InprocServer32\: “%SystemRoot%\system32\eapqec.dll”
HKLM\Software\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32\: “%Common Appdata%\YTAHelper\YTAHelper.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\DisplayName: “YouTube Accelerator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\UninstallString: “”%Program Files%\YouTube Accelerator\YTAUninstall.exe””
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\ImagePath: “C:\PROGRA~1\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm”
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\DisplayName: “YouTubeAcceleratorService”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoobzoYouTubeAccelerator: “”%Program Files%\YouTube Accelerator\YouTubeAccelerator.exe”…

a variant of Win32/ShopperPro.A

a variant of Win32/ShopperPro.A is also known as Skodna.A8D, Malware.QVM10.Gen.
Malware Analysis of a variant of Win32/ShopperPro.A
Created files:
%Temp%\SAINST\YouTubeAccelerator.exe
%Temp%\SAINST\YouTubeAcceleratorService.exe
%Temp%\SAINST\YTAHelper.exe
%Temp%\SAINST\YTAHUninstall.exe
%Temp%\SAINST\ytalsp.dll
Autostart registry keys:
HKLM\Software\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\InprocServer32\: “%SysDir%\AniGIF.ocx”
HKLM\Software\Classes\CLSID\{AACB4436-8055-FBBC-F63D-DB347F3CEAC5}\InprocServer32\: “%SystemRoot%\system32\eapqec.dll”
HKLM\Software\Classes\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}\InprocServer32\: “%Common Appdata%\YTAHelper\YTAHelper.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\DisplayName: “YouTube Accelerator”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator\UninstallString: “”%Program Files%\YouTube Accelerator\YTAUninstall.exe””
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\ImagePath: “C:\PROGRA~1\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm”
HKLM\System\CurrentControlSet\Services\YouTubeAcceleratorService\DisplayName: “YouTubeAcceleratorService”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoobzoYouTubeAccelerator:…

SVCHOST.JPG is Trojan Backdoor

We checked the file SVCHOST.JPG and found it hazardous. The file SVCHOST.JPG must be deleted from the system immediately. Kill the process SVCHOST.JPG and remove SVCHOST.JPG from the Windows startup.
Malware Analysis of SVCHOST.JPG
Full path on a computer: %WinDir%\svchost.jpg
Detected by UnHackMe: SVCHOST.JPG
Default location: %WinDir%\svchost.jpg
Removal Results: Success
Number of…

{f92a9fe4-2850-4198-b9d5-279880e49b16}

{f92a9fe4-2850-4198-b9d5-279880e49b16} is a browser extension unique ID. A browser extension is a computer program that extends the functionality of a web browser in some way. We suggest that you remove the {f92a9fe4-2850-4198-b9d5-279880e49b16} extension from your browser as soon as possible. You should also delete the files and registry keys created by {f92a9fe4-2850-4198-b9d5-279880e49b16}. {f92a9fe4-2850-4198-b9d5-279880e49b16} is related…

quick_start@gmail.com

quick_start@gmail.com is a browser extension unique ID. A browser extension is a computer program that extends the functionality of a web browser in some way. We suggest that you remove the quick_start@gmail.com extension from your browser as soon as possible. You should also delete the files and registry keys created by quick_start@gmail.com. quick_start@gmail.com is related…

jcdockbgnfkijbblcmnppjpigimigdck

jcdockbgnfkijbblcmnppjpigimigdck is a browser extension unique ID. A browser extension is a computer program that extends the functionality of a web browser in some way. We suggest that you remove the jcdockbgnfkijbblcmnppjpigimigdck extension from your browser as soon as possible. You should also delete the files and registry keys created by jcdockbgnfkijbblcmnppjpigimigdck. jcdockbgnfkijbblcmnppjpigimigdck is related…

adhpiademcfnoaninfbhahnilgnpoeaa

adhpiademcfnoaninfbhahnilgnpoeaa is a browser extension unique ID. A browser extension is a computer program that extends the functionality of a web browser in some way. We suggest that you remove the adhpiademcfnoaninfbhahnilgnpoeaa extension from your browser as soon as possible. You should also delete the files and registry keys created by adhpiademcfnoaninfbhahnilgnpoeaa. adhpiademcfnoaninfbhahnilgnpoeaa is related…

2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com

2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com is a browser extension unique ID. A browser extension is a computer program that extends the functionality of a web browser in some way. We suggest that you remove the 2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com extension from your browser as soon as possible. You should also delete the files and registry keys created by 2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com. 2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com is related…

HYPERBROWSER.EXE

The file HYPERBROWSER.EXE is malware related. You must delete the file HYPERBROWSER.EXE immediately! Delete the file HYPERBROWSER.EXE without delay! Kill the process HYPERBROWSER.EXE and remove HYPERBROWSER.EXE from the Windows startup.
HYPERBROWSER.EXE Information and Removal:
HYPERBROWSER.EXE is known as:
Antivirus testing: 8 / 68 Dangerous Status: Malware
Malware Aliases: Gen:Variant.Graftor.136242 Gen:Variant.Graftor.136242 Gen:Variant.Graftor.136242 Gen:Variant.Graftor.136242 Gen:Variant.Graftor.136242.
MD5 of…

Solved! How to remove Adwerx.com popups

Adwerx.com web site is claimed in annoying advertisements. Adwerx.com redirects searches and user-entered URLs without clear notification and consent. Sometimes Adwerx.com is installed without the user's permission. Some people have big problems with removing Adwerx.com from their computers. Adwerx.com may infect your web browser. Adwerx.com redirects your web search, installs additional browser plugins. Adwerx.com…

MAGNET-DOWNLOADERIE.EXE

The file MAGNET-DOWNLOADERIE.EXE is malware related. You must delete the file MAGNET-DOWNLOADERIE.EXE immediately! Delete the file MAGNET-DOWNLOADERIE.EXE without delay! Kill the process MAGNET-DOWNLOADERIE.EXE and remove MAGNET-DOWNLOADERIE.EXE from the Windows startup.
MAGNET-DOWNLOADERIE.EXE Information and Removal:
MAGNET-DOWNLOADERIE.EXE is known as: Orvanpsm
Antivirus testing: 16 / 68 Dangerous Status: Potentially unwanted
Malware Aliases: Riskware.ScrambleWrapper Trojan.Win32.ScrambleWrapper HW32.CDB Trojan.Crossrider.10 Trojan.…

MAGNET DOWNLOADER-HELPER.EXE

The file MAGNET DOWNLOADER-HELPER.EXE is malware related. You must delete the file MAGNET DOWNLOADER-HELPER.EXE immediately! Delete the file MAGNET DOWNLOADER-HELPER.EXE without delay! Kill the process MAGNET DOWNLOADER-HELPER.EXE and remove MAGNET DOWNLOADER-HELPER.EXE from the Windows startup.
MAGNET DOWNLOADER-HELPER.EXE Information and Removal:
MAGNET DOWNLOADER-HELPER.EXE is known as:
Antivirus testing: 1 / 68 Dangerous Status: Inconclusive
Malware Aliases:…

WebSearchy.com

WebSearchy.com web site is claimed in annoying advertisements. WebSearchy.com redirects searches and user-entered URLs without clear notification and consent. Sometimes WebSearchy.com is installed without the user's permission. Some people have big problems with removing WebSearchy.com from their computers. WebSearchy.com is related to: Adware, Search Redirecting.
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted…

Solved! How to remove 2014customersurvey.com popups

2014customersurvey.com web site is claimed in annoying advertisements. 2014customersurvey.com redirects searches and user-entered URLs without clear notification and consent. Sometimes 2014customersurvey.com is installed without the user's permission. Some people have big problems with removing 2014customersurvey.com from their computers. 2014customersurvey.com may infect your web browser. 2014customersurvey.com redirects your web search, installs additional browser plugins. 2014customersurvey.com…

Websearch.fastosearch.info

Websearch.fastosearch.info web site is claimed in annoying advertisements. Websearch.fastosearch.info redirects searches and user-entered URLs without clear notification and consent. Sometimes Websearch.fastosearch.info is installed without the user's permission. Some people have big problems with removing Websearch.fastosearch.info from their computers. Websearch.fastosearch.info is related to: Adware, Sprotector, Search Redirecting.
1. Download UnHackMe free 30-day version
UnHackMe removes…

Updates-required.com

Updates-required.com web site is claimed in annoying advertisements. Updates-required.com redirects searches and user-entered URLs without clear notification and consent. Sometimes Updates-required.com is installed without the user's permission. Some people have big problems with removing Updates-required.com from their computers. Updates-required.com is related to: Adware.
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search…

search.buzzdock.com

search.buzzdock.com web site is claimed in annoying advertisements. search.buzzdock.com redirects searches and user-entered URLs without clear notification and consent. Sometimes search.buzzdock.com is installed without the user's permission. Some people have big problems with removing search.buzzdock.com from their computers. search.buzzdock.com is related to: Adware, Search Redirecting.
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted…

RU-MINECRAFT.ORG

RU-MINECRAFT.ORG web site is claimed in annoying advertisements. RU-MINECRAFT.ORG redirects searches and user-entered URLs without clear notification and consent. Sometimes RU-MINECRAFT.ORG is installed without the user's permission. Some people have big problems with removing RU-MINECRAFT.ORG from their computers. RU-MINECRAFT.ORG is related to: Adware, Search Redirecting.
1. Download UnHackMe free 30-day version
UnHackMe removes Adware/Spyware/Unwanted…

PENWES.EXE

The file PENWES.EXE is malware related. You must delete the file PENWES.EXE immediately! Delete the file PENWES.EXE without delay! Kill the process PENWES.EXE and remove PENWES.EXE from the Windows startup.
PENWES.EXE Information and Removal:
PENWES.EXE is known as:
Antivirus testing: 2 / 68 Dangerous Status: Clean
Malware Aliases: TROJ_GEN.F47V0909.
MD5 of PENWES.EXE = 991CAA91E7D0C2AF40DD9609F3BC106C
PENWES.EXE…

PCTECHHOTLINE.EXE

The file PCTECHHOTLINE.EXE is malware related. You must delete the file PCTECHHOTLINE.EXE immediately! Delete the file PCTECHHOTLINE.EXE without delay! Kill the process PCTECHHOTLINE.EXE and remove PCTECHHOTLINE.EXE from the Windows startup. PCTECHHOTLINE.EXE Information and Removal: PCTECHHOTLINE.EXE is known as: Antivirus testing: 2 / 68. Dangerous Status: Potentially unwanted. Malware Aliases: PUP.Crawler.N. MD5 of PCTECHHOTLINE.EXE = 38F118B9E3DC5DB95D9732B14AFBD0EA…

PCCLAUNCHER.EXE

The file PCCLAUNCHER.EXE is malware related. You must delete the file PCCLAUNCHER.EXE immediately! Delete the file PCCLAUNCHER.EXE without delay! Kill the process PCCLAUNCHER.EXE and remove PCCLAUNCHER.EXE from the Windows startup. PCCLAUNCHER.EXE Information and Removal: PCCLAUNCHER.EXE is known as: Antivirus testing: 1 / 68. Dangerous Status: Inconclusive but possibly unwanted. Malware Aliases: PUP.Optional.Startup.SmartPCSolutions.L. MD5 of PCCLAUNCHER.EXE…

APP24X7HOOK64.DLL

The file APP24X7HOOK64.DLL is malware related. You must delete the file APP24X7HOOK64.DLL immediately! Delete the file APP24X7HOOK64.DLL without delay! Kill the process APP24X7HOOK64.DLL and remove APP24X7HOOK64.DLL from the Windows startup. APP24X7HOOK64.DLL Information and Removal: APP24X7HOOK64.DLL is known as: 24x7Help Hook Library. Antivirus testing: 3 / 68. Dangerous Status: Potentially unwanted. Malware Aliases: Optional.Crawler.N, Win64/24x7Help, PUP.Crawler.N.…

APP24X7HOOK.DLL

The file APP24X7HOOK.DLL is malware related. You must delete the file APP24X7HOOK.DLL immediately! Delete the file APP24X7HOOK.DLL without delay! Kill the process APP24X7HOOK.DLL and remove APP24X7HOOK.DLL from the Windows startup. APP24X7HOOK.DLL Information and Removal: APP24X7HOOK.DLL is known as: 24x7Help Hook Library. Antivirus testing: 3 / 68. Dangerous Status: Potentially unwanted. Malware Aliases: Optional.Crawler.L, Win32/24x7Help, PUP.Crawler.L.…

AGFNAKJGAGASFAUSF.EXE is Trojan BtcMine

Is the file AGFNAKJGAGASFAUSF.EXE located on your computer? Then your computer is infected. We suggest that you remove AGFNAKJGAGASFAUSF.EXE from your computer as soon as possible. AGFNAKJGAGASFAUSF.EXE is Trojan/Backdoor. Kill the process AGFNAKJGAGASFAUSF.EXE and remove AGFNAKJGAGASFAUSF.EXE from the Windows startup. Malware Analysis of AGFNAKJGAGASFAUSF.EXE Full path on a computer: %Appdata%\drivergpucpu\agfnakjgagasfausf.exe Detected by…

DUJIZGAQBEAP.EXE is Trojan Cutwail

Is the file DUJIZGAQBEAP.EXE located on your computer? Then your computer is infected. We suggest that you remove DUJIZGAQBEAP.EXE from your computer as soon as possible. DUJIZGAQBEAP.EXE is Trojan/Backdoor. Kill the process DUJIZGAQBEAP.EXE and remove DUJIZGAQBEAP.EXE from the Windows startup. Malware Analysis of DUJIZGAQBEAP.EXE Full path on a computer: %Profile%\dujizgaqbeap.exe Detected by…

Searches.vi-view.com

The Searches.vi-view.com web site appears in annoying advertisements. Searches.vi-view.com redirects searches and user-entered URLs without clear notification and consent. Sometimes Searches.vi-view.com is installed without the user's permission. Some people have big problems with removing Searches.vi-view.com from their computers. Searches.vi-view.com is related to: Adware, Search Redirecting. 1. Download UnHackMe free 30-day version UnHackMe removes Adware/Spyware/Unwanted…

PcUpgradeNow.com

The PcUpgradeNow.com web site appears in annoying advertisements. PcUpgradeNow.com redirects searches and user-entered URLs without clear notification and consent. Sometimes PcUpgradeNow.com is installed without the user's permission. Some people have big problems with removing PcUpgradeNow.com from their computers. PcUpgradeNow.com is related to: Adware. 1. Download UnHackMe free 30-day version UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search…

karatohbho.dll

We received the file karatohbho.dll and detected that karatohbho.dll is not good. karatohbho.dll is Adware. You should remove the file karatohbho.dll. Kill the process karatohbho.dll and remove karatohbho.dll from Windows. karatohbho.dll is related to: Adware, Sprotector, Search Redirecting, PUP.Optional.Karatoh. 1. Download UnHackMe free 30-day version UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC…