mplay.exe - Dangerous
%windir%\mplay.exe
Manual removal instructions:
Antivirus Report of %windir%\mplay.exe:
We suggest you remove %WinDir%\mplay.exe from your computer as soon as possible.
%WinDir%\mplay.exe is a Trojan/Backdoor.
Kill the process %WinDir%\mplay.exe and remove %WinDir%\mplay.exe from Windows startup.
File: mplay.exe
-------------------------------------------------------------------------------------
Classification:
Antivirus    Version      Last Update  Result
Avast        4.8.1335.0   2009.07.09   Win32:Trojan-gen {Other}
AVG          8.5.0.387    2009.07.09   Generic13.BKVD
BitDefender  7.2          2009.07.10   Trojan.Dropper.Agent.UOU
Comodo       1601         2009.07.10   -
DrWeb        5.0.0.12182  2009.07.10   BackDoor.Dosia.108
F-Secure     8.0.14470.0  2009.07.10   Trojan.Win32.Buzus.bhtd
Kaspersky    7.0.0.125    2009.07.10   Trojan.Win32.Buzus.bhtd
Microsoft    1.4803       2009.07.10   VirTool:Win32/DelfInject.gen!L
NOD32        4230         2009.07.10   Win32/Naprat.B
Symantec     1.4.4.12     2009.07.10   W32.IRCBot
Additional information
File size: 160768 bytes
MD5 : ce5126b12926220c15d3df3a8ff6a05d
SHA1 : 5b39eaa17ce07ce42036b41fdc45dddd6d5a3605
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7U56KFDB-4036-J8SX-U8JI-6512121AP505}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
----------------------------------
Values added:7
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7U56KFDB-4036-J8SX-U8JI-6512121AP505}\StubPath: ""C:\WINDOWS\mplay.exe""
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RSA: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\DSA: 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Media Player: "C:\WINDOWS\mplay.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Media Player: "C:\WINDOWS\mplay.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<: 0x00000001
HKCU\Software\Microsoft\Windows NT\CurrentVersion\: "H1UYEEMA[QRmymn{.nqk"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:2
----------------------------------
C:\WINDOWS\mplay.exe
C:\WINDOWS\odbcsetup.ini
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:11
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: Windows Media Player
Author: Unknown
Related File: C:\WINDOWS\mplay.exe
Type: Explorer Run
Item Name: {7U56KFDB-4036-J8SX-U8JI-6512121AP505}
Author: Unknown
Related File: "C:\WINDOWS\mplay.exe"
Type: ActiveSetup
Item Name: mplay.exe
Author: Unknown
Related File: C:\WINDOWS\mplay.exe
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.