SHLDR.MBR is Tools.SpyHunter

July 2, 2012 by NightWatcher
Filed under: Tools 

The file SHLDR.MBR is not a virus.
The program SHLDR.MBR is a system security tool.
However, an attacker may use the SHLDR.MBR tool to compromise computer security.

Malware Analysis of SHLDR.MBR
Full path on a computer: C:\sh4ldr\shldr.mbr

Detected by UnHackMe:

SHLDR.MBR
Default location: C:\sh4ldr\shldr.mbr

SHLDR.MBR is known as:

Tools.SpyHunter

SHLDR.MBR hash:

  • MD5: 025926b83a938b5215f3c1dcc882f21c

How to quickly detect the presence of SHLDR.MBR?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter Security Suite: “%Program Files%\Enigma Software Group\SpyHunter\SpyHunter4.exe”
  • HKLM\System\CurrentControlSet\Services\esgiguard\ImagePath: “\??\%Program Files%\Enigma Software Group\SpyHunter\esgiguard.sys”
  • HKLM\System\CurrentControlSet\Services\esgiguard\DisplayName: “esgiguard”
  • HKLM\System\CurrentControlSet\Services\SpyHunter 4 Service\ImagePath: “C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE”
  • HKLM\System\CurrentControlSet\Services\SpyHunter 4 Service\DisplayName: “SpyHunter 4 Service”
  • HKLM\System\CurrentControlSet\Services\SpyHunter 4 Service\Description: “SpyHunter 4 Helper Service”
Folders:
  • %Appdata%\Microsoft\Installer
  • %Appdata%\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}
  • %Programs%\SpyHunter
  • %Program Files Common%\Wise Installation Wizard
  • %Program Files%\Enigma Software Group
  • %Program Files%\Enigma Software Group\SpyHunter
  • %Program Files%\Enigma Software Group\SpyHunter\Data
  • %Program Files%\Enigma Software Group\SpyHunter\Defs
  • %Program Files%\Enigma Software Group\SpyHunter\Downloads
  • %Program Files%\Enigma Software Group\SpyHunter\Log
  • %Program Files%\Enigma Software Group\SpyHunter\mon
  • %WinDir%\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
  • C:\sh4ldr
Files:
  • %Appdata%\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
  • %Appdata%\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
  • %Appdata%\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
  • %Desktop%\SpyHunter.lnk
  • %Programs%\SpyHunter\SpyHunter Emergency Startup.lnk
  • %Programs%\SpyHunter\SpyHunter.lnk
  • %Programs%\SpyHunter\Uninstall SpyHunter.lnk
  • %Program Files Common%\Wise Installation Wizard\WIS9E897D0FF80441A3966C7BB6EB5B6BE8_4_9_11_3987.MSI
  • %Program Files%\Enigma Software Group\SpyHunter\Common.dll
  • %Program Files%\Enigma Software Group\SpyHunter\Czech.lng
  • %Program Files%\Enigma Software Group\SpyHunter\Danish.lng
  • %Program Files%\Enigma Software Group\SpyHunter\Data\dns.dat
  • %Program Files%\Enigma Software Group\SpyHunter\Data\proxy.dat
  • %Program Files%\Enigma Software Group\SpyHunter\Defman.dll
  • %Program Files%\Enigma Software Group\SpyHunter\Defs\2012062701.def
  • %Program Files%\Enigma Software Group\SpyHunter\Defs\def.dat
  • %Program Files%\Enigma Software Group\SpyHunter\Dutch.lng
  • %Program Files%\Enigma Software Group\SpyHunter\English.lng
  • %Program Files%\Enigma Software Group\SpyHunter\esgiguard.sys
  • %Program Files%\Enigma Software Group\SpyHunter\ESGRKCHK.exe
  • %Program Files%\Enigma Software Group\SpyHunter\ExecutionGuard.dll
  • %Program Files%\Enigma Software Group\SpyHunter\French.lng
  • %Program Files%\Enigma Software Group\SpyHunter\German.lng
  • %Program Files%\Enigma Software Group\SpyHunter\gil.dat
  • %Program Files%\Enigma Software Group\SpyHunter\INSTALL.LOG
  • %Program Files%\Enigma Software Group\SpyHunter\Italian.lng
  • %Program Files%\Enigma Software Group\SpyHunter\license.txt
  • %Program Files%\Enigma Software Group\SpyHunter\Lithuanian.lng
  • %Program Files%\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120702_114356.log
  • %Program Files%\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120702_114613.log
  • %Program Files%\Enigma Software Group\SpyHunter\native.exe
  • %Program Files%\Enigma Software Group\SpyHunter\Norwegian.lng
  • %Program Files%\Enigma Software Group\SpyHunter\Portuguese.lng
  • %Program Files%\Enigma Software Group\SpyHunter\purl.dat
  • %Program Files%\Enigma Software Group\SpyHunter\safeol.dat
  • %Program Files%\Enigma Software Group\SpyHunter\scanlog.log
  • %Program Files%\Enigma Software Group\SpyHunter\SH4.com
  • %Program Files%\Enigma Software Group\SpyHunter\SH4Service.exe
  • %Program Files%\Enigma Software Group\SpyHunter\SHDS.mht
  • %Program Files%\Enigma Software Group\SpyHunter\ShScanner.dll
  • %Program Files%\Enigma Software Group\SpyHunter\Spanish.lng
  • %Program Files%\Enigma Software Group\SpyHunter\SpyHunter4.exe
  • %Program Files%\Enigma Software Group\SpyHunter\Swedish.lng
  • %Program Files%\Enigma Software Group\SpyHunter\unkcache.dat
  • %WinDir%\Installer\14600.msi
  • %WinDir%\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP\WiseCustomCalla21.exe
  • C:\sh4ldr\initrd.gz
  • C:\sh4ldr\shldr
  • C:\sh4ldr\shldr.mbr
  • C:\sh4ldr\vmlinuz

  • Recommended: UnHackMe anti-rootkit and anti-malware
  • Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by Malware Hunter.
