Adware ( 0048ec001 )

Adware ( 0048ec001 ) also known as W32/Qhost.R.gen!Eldorado, TROJ_GEN.R047C0DK913, Trojan/Dropper.Agent.voh.

Malware Analysis of Adware ( 0048ec001 )

Created files:

%SysDir%\INETKO.DLL
%SysDir%\VB6KO.DLL
%WinDir%\fileupinst.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Utilocean\UninstallString: “%Program Files%\Utilocean\Uninstall.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UtilOcean: “%Program Files%\Utilocean\utiloceanup.exe”

Detected by UnHackMe:

FILEUPINST.EXE
Default location: %WinDir%\FILEUPINST.EXE

Written by 

Malware Hunter.

Leave a Reply

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera