6244.exe - Dangerous
6244.exe
Manual removal instructions:
Antivirus Report of 6244.exe:
6244.exe
We suggest you to remove 6244.exe from your computer as soon as possible.
6244.exe is Trojan/Backdoor.
Kill the process 6244.exe and remove 6244.exe from Windows startup.
File:
C:\sand-box\6244.exe
Classification:
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Win32.Nonaco!IK
AVG 8.5.0.339 2009.06.17 BHO.IME.dropper
BitDefender 7.2 2009.06.18 Trojan.Generic.1628199
Comodo 1357 2009.06.18 TrojWare.Win32.Trojan.Agent.
Gen
DrWeb 5.0.0.12182 2009.06.17 Trojan.DownLoad.36180
F-Secure 8.0.14470.0 2009.06.17 Trojan-Dropper.Win32.BHO.bo
K7AntiVirus 7.10.766 2009.06.17 Trojan-Dropper.Win32.BHO.bh
NOD32 4164 2009.06.17 Win32/BHO.NOE
Symantec 1.4.4.12 2009.06.18 Trojan.Zlob
Additional information
File size: 16896 bytes
MD5 : a42f1934f5505ec2601b257f3e6484bc
SHA1 : e8b99ee7eeff5988df72fb82b2f89f0d797c91a8
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:22
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\y537.y537mgr
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer
HKLM\SOFTWARE\Classes\y537.y537mgr.1
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}
----------------------------------
Values added:23
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID\: "y537.y537mgr"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib\: "{E63648F7-3933-440E-AAAA-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 Class"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\: "{E63648F7-3933-440E-B4F6-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\: "Ie405mgr"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR\: "C:\WINDOWS\system32\796525\"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS\: "0"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\: "796525 1.0 Type Library"
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr\: "796525 Class"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\: "796525 Class"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 helper"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoHOPA: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoExplorer: 0x00000001
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\system32\796525\796525.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\6244.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:1
----------------------------------
C:\WINDOWS\system32\796525
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:48
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Type: Browser Helper Objects
Item Name: {E7F15AC4-E0A9-43F0-921B-70DFEA621220}
Related File: C:\WINDOWS\system32\796525\796525.dll
Removal Results: Success
Number of reboot: 1
6244.exe | Malware |
6244.exe | Dangerous |
6244.exe | High Risk |
6244.exe is Trojan/Backdoor.
Kill the process 6244.exe and remove 6244.exe from Windows startup.
File:
C:\sand-box\6244.exe
Classification:
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Win32.Nonaco!IK
AVG 8.5.0.339 2009.06.17 BHO.IME.dropper
BitDefender 7.2 2009.06.18 Trojan.Generic.1628199
Comodo 1357 2009.06.18 TrojWare.Win32.Trojan.Agent.
Gen
DrWeb 5.0.0.12182 2009.06.17 Trojan.DownLoad.36180
F-Secure 8.0.14470.0 2009.06.17 Trojan-Dropper.Win32.BHO.bo
K7AntiVirus 7.10.766 2009.06.17 Trojan-Dropper.Win32.BHO.bh
NOD32 4164 2009.06.17 Win32/BHO.NOE
Symantec 1.4.4.12 2009.06.18 Trojan.Zlob
Additional information
File size: 16896 bytes
MD5 : a42f1934f5505ec2601b257f3e6484bc
SHA1 : e8b99ee7eeff5988df72fb82b2f89f0d797c91a8
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:22
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\y537.y537mgr
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer
HKLM\SOFTWARE\Classes\y537.y537mgr.1
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}
----------------------------------
Values added:23
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\VersionIndependentProgID\: "y537.y537mgr"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\TypeLib\: "{E63648F7-3933-440E-AAAA-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\ProgID\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 Class"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\: "{E63648F7-3933-440E-B4F6-A8584DD7B7EB}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\: "Ie405mgr"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32\: "C:\WINDOWS\system32\796525\796525.dll"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR\: "C:\WINDOWS\system32\796525\"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS\: "0"
HKLM\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\: "796525 1.0 Type Library"
HKLM\SOFTWARE\Classes\y537.y537mgr\CurVer\: "y537.y537mgr.1"
HKLM\SOFTWARE\Classes\y537.y537mgr\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr\: "796525 Class"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\CLSID\: "{E7F15AC4-E0A9-43F0-921B-70DFEA621220}"
HKLM\SOFTWARE\Classes\y537.y537mgr.1\: "796525 Class"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\: "796525 helper"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoHOPA: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7F15AC4-E0A9-43F0-921B-70DFEA621220}\NoExplorer: 0x00000001
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\system32\796525\796525.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\6244.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:1
----------------------------------
C:\WINDOWS\system32\796525
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:48
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Type: Browser Helper Objects
Item Name: {E7F15AC4-E0A9-43F0-921B-70DFEA621220}
Related File: C:\WINDOWS\system32\796525\796525.dll
Removal Results: Success
Number of reboot: 1
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.