Remove CHEDOT.EXE malware
CHEDOT.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of CHEDOT.EXE:
chedot.exe
Full path on a computer: %LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE
Autostart registry keys:
HKLM\Software\Microsoft\MediaPlayer\ShimInclusionList\chedot.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\chedot.exe
HKLM\SOFTWARE\CLASSES\CHEDOTHTML.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" -- "%1""
HKLM\SOFTWARE\CLASSES\CHEDOTHTML.IBKILHJPHK4A2Z3HC4Y7GXXDXU\DEFAULTICON\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE""
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\REINSTALLCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --MAKE-DEFAULT-BROWSER"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\HIDEICONSCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --HIDE-ICONS"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\SHOWICONSCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --SHOW-ICONS"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\DEFAULTICON\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\CAPABILITIES\APPLICATIONICON: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\CHEDOT.EXE\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\CHEDOT.EXE\PATH: "%LOCAL APPDATA%\CHEDOT\APPLICATION"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CHEDOT: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{3FD08C3D-878D-42AF-9135-671C941DE3AA}: "V2.10|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|LPORT=5353|APP=%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE|NAME=CHEDOT (MDNS-IN)|DESC=INBOUND RULE FOR CHEDOT TO ALLOW MDNS TRAFFIC.|EMBEDCTXT=CHEDOT|"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHEDOT\DISPLAYICON: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKCU\SOFTWARE\CHEDOT\UPDATE\CLIENTSTATE\{34C02268-5705-4894-941D-FEEB3D2308A9}\INSTALLERSUCCESSLAUNCHCMDLINE: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE""
Related Files:
%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\VISUALELEMENTS\LOGO.PNG
%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\VISUALELEMENTS\SMALLLOGO.PNG
%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE
%LOCAL APPDATA%\CHEDOT\APPLICATION\CHROME.VISUALELEMENTSMANIFEST.XML
%LOCAL APPDATA%\CHEDOT\APPLICATION\DEBUG.LOG
The file CHEDOT.EXE is malware related.
You must delete the file CHEDOT.EXE immediately!
Delete the file CHEDOT.EXE without delay!
Kill the process CHEDOT.EXE and remove CHEDOT.EXE from the Windows startup.
CHEDOT.EXE is related to: PUP.Optional.Ghokswa, CHEDOT.EXE.
Virustotal = 1/56
MD5 = 548CB2A5B585E7EDC25C3A4B7958B058
File Size: 1278464
File information:
OriginalFilename: chedot.exe
FileDescription: Chedot
InternalName: chedot_exe
CompanyName: The Chedot Authors
LegalCopyright: Copyright 2015 The Chedot Authors. All rights reserved.
CHEDOT.EXE | Malware |
CHEDOT.EXE | Dangerous |
CHEDOT.EXE | High Risk |
Autostart registry keys:
HKLM\Software\Microsoft\MediaPlayer\ShimInclusionList\chedot.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\chedot.exe
HKLM\SOFTWARE\CLASSES\CHEDOTHTML.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" -- "%1""
HKLM\SOFTWARE\CLASSES\CHEDOTHTML.IBKILHJPHK4A2Z3HC4Y7GXXDXU\DEFAULTICON\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\SHELL\OPEN\COMMAND\: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE""
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\REINSTALLCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --MAKE-DEFAULT-BROWSER"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\HIDEICONSCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --HIDE-ICONS"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\INSTALLINFO\SHOWICONSCOMMAND: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE" --SHOW-ICONS"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\DEFAULTICON\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHEDOT.IBKILHJPHK4A2Z3HC4Y7GXXDXU\CAPABILITIES\APPLICATIONICON: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\CHEDOT.EXE\: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\CHEDOT.EXE\PATH: "%LOCAL APPDATA%\CHEDOT\APPLICATION"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CHEDOT: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{3FD08C3D-878D-42AF-9135-671C941DE3AA}: "V2.10|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|LPORT=5353|APP=%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE|NAME=CHEDOT (MDNS-IN)|DESC=INBOUND RULE FOR CHEDOT TO ALLOW MDNS TRAFFIC.|EMBEDCTXT=CHEDOT|"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHEDOT\DISPLAYICON: "%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE,0"
HKCU\SOFTWARE\CHEDOT\UPDATE\CLIENTSTATE\{34C02268-5705-4894-941D-FEEB3D2308A9}\INSTALLERSUCCESSLAUNCHCMDLINE: ""%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE""
Related Files:
%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\VISUALELEMENTS\LOGO.PNG
%LOCAL APPDATA%\CHEDOT\APPLICATION\51.0.2704.532\VISUALELEMENTS\SMALLLOGO.PNG
%LOCAL APPDATA%\CHEDOT\APPLICATION\CHEDOT.EXE
%LOCAL APPDATA%\CHEDOT\APPLICATION\CHROME.VISUALELEMENTSMANIFEST.XML
%LOCAL APPDATA%\CHEDOT\APPLICATION\DEBUG.LOG
The file CHEDOT.EXE is malware related.
You must delete the file CHEDOT.EXE immediately!
Delete the file CHEDOT.EXE without delay!
Kill the process CHEDOT.EXE and remove CHEDOT.EXE from the Windows startup.
CHEDOT.EXE is related to: PUP.Optional.Ghokswa, CHEDOT.EXE.
Virustotal = 1/56
MD5 = 548CB2A5B585E7EDC25C3A4B7958B058
File Size: 1278464
File information:
OriginalFilename: chedot.exe
FileDescription: Chedot
InternalName: chedot_exe
CompanyName: The Chedot Authors
LegalCopyright: Copyright 2015 The Chedot Authors. All rights reserved.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.