soft.exe - Dangerous
%sysdir%\soft.exe
Manual removal instructions:
Antivirus Report of %sysdir%\soft.exe:
Trojan Admincash.
Disables Windows security settings.
Downloads additional adware components.
Adds "run" = "%System%\soft.exe" to Windows startup registry keys.
Adds the value:
"Web Service" = "%System%\[random file name].exe"
to Active Setup registry keys.
Adds the value:
"DisableSR" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
to disable System Restore.
Adds the value:
"EnableFirewall" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
to disable Windows security features.
Adds the values:
"NoAutoUpdate" = "0x00000001"
"AUOptions" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
to disable Windows Auto Update.
Adds the values:
"FirewallDisableNotify" = "0x00000001"
"UpdatesDisableNotify" = "0x00000001"
"AntiVirusDisableNotify" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
to disable notification of disabled firewall.
Creates the following files:
* %Windir%\explorer.new
* %Windir%\wininit.ini
Infects Explorer.exe at next reboot.
Downloads adware and dialer programs.
Removal:
Restore explorer.exe using System File Checker in Safe Mode.
Remove Trojan from Windows startup.
%sysdir%\soft.exe | Malware |
%sysdir%\soft.exe | Dangerous |
%sysdir%\soft.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.