I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here: is unknown, probably legitimate.
If the file is located on your computer, download UnHackMe for free to fix the problem with

Malware Analysis of
Executed: C:\sand-box\update.exe

How to quickly detect malware presence?


Antivirus Version Last Update Result
F-Secure 9.0.16440.0 2011.05.11 -
Kaspersky 2011.05.11 HEUR:Trojan-Downloader.Win32.Generic
Microsoft 1.6802 2011.05.11 -
NOD32 6112 2011.05.11 -


MD5 b170652795284a0dda31e3c4034a7a55

SHA1 fa2628be5702d81a0785f2440b453318f35d9146

SHA256 ce48f153b86cca5d3d688f74e49bcdc9b790b9f458f2ad1d070b940b3d208313


When the program is executed, it creates the following registry subkeys and values:

Values added:1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline: 0×00000000

Files added:7
C:\Documents and Settings\Administrator\Local Settings\Temp\down2.txt

Total changes:8

Recommended software:
UnHackMe anti-rootkit and anti-malware
RegRun Security Suite (Good choice for removal and protection)

I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.

1. Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.