ProMT2.pl
ProMT2.pl.exe is unknown, probably legitimate.
If the file ProMT2.pl.exe is located on your computer, download UnHackMe for free to fix the problem with ProMT2.pl.exe.
Malware Analysis of ProMT2.pl
Executed: C:\sand-box\update.exe
—————————————————————————————————————————-
Classification:
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.16440.0 | 2011.05.11 | - |
| Kaspersky | 9.0.0.837 | 2011.05.11 | HEUR:Trojan-Downloader.Win32.Generic |
| Microsoft | 1.6802 | 2011.05.11 | - |
| NOD32 | 6112 | 2011.05.11 | - |
—————————————————————————————————————————-
MD5 b170652795284a0dda31e3c4034a7a55
SHA1 fa2628be5702d81a0785f2440b453318f35d9146
SHA256 ce48f153b86cca5d3d688f74e49bcdc9b790b9f458f2ad1d070b940b3d208313
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:
———————————-
Values added:1
———————————-
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline: 0x00000000
———————————-
Files added:7
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\down2.txt
C:\sand-box\csrss.sys
C:\sand-box\devil.dll
C:\sand-box\locale.cfg
C:\sand-box\Naprawa.exe
C:\sand-box\PROMT2-START.exe
C:\sand-box\ProMT2.pl.exe
———————————-
Total changes:8
———————————-
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com





