Remove GHZDBGNIBISHEMERGE.EXE malware
GHZDBGNIBISHEMERGE.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of GHZDBGNIBISHEMERGE.EXE:
ghzdbgnibishemerge.exe
Full path on a computer: %PROGRAM FILES%\CLAPOLY\GHZDBGNIBISHEMERGE.EXE
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Type: 0x00000110
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Start: 0x00000002
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\ErrorControl: 0x00000001
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GHZDBGNIBISHEMERGE.EXE\IMAGEPATH: ""%PROGRAM FILES%\CLAPOLY\GHZDBGNIBISHEMERGE.EXE" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\DisplayName: "Ghuzaqujus Debuger"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\WOW64: 0x00000001
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\ObjectName: "LocalSystem"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\DelayedAutostart: 0x00000001
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Description: "Upload the info when Ghuzaqujus crash, make the next version more stable."
Related Files:
%PROGRAM FILES%\4CDC5761-1472494092-11E4-A26A-F0761CB65F67\VNSMB0AC.TMP
%PROGRAM FILES%\CLAPOLY\GHZDBGCEJEPY.EXE
%PROGRAM FILES%\CLAPOLY\GHZDBGNIBISHEMERGE.EXE
%PROGRAM FILES%\CLAPOLY\KWRENG.DLL
%PROGRAM FILES%\CLAPOLY\MSVCR100.DLL
The file GHZDBGNIBISHEMERGE.EXE is malware related.
You must delete the file GHZDBGNIBISHEMERGE.EXE immediately!
Delete the file GHZDBGNIBISHEMERGE.EXE without delay!
Kill the process GHZDBGNIBISHEMERGE.EXE and remove GHZDBGNIBISHEMERGE.EXE from the Windows startup.
GHZDBGNIBISHEMERGE.EXE is related to: a variant of Win32/Obfuscated.NHY, GHZDBGNIBISHEMERGE.EXE.
Virustotal = 3/58
MD5 = 53B27FC823317074A6DC58A84B8E99DE
File Size: 436376
GHZDBGNIBISHEMERGE.EXE | Malware |
GHZDBGNIBISHEMERGE.EXE | Dangerous |
GHZDBGNIBISHEMERGE.EXE | High Risk |
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Type: 0x00000110
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Start: 0x00000002
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\ErrorControl: 0x00000001
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GHZDBGNIBISHEMERGE.EXE\IMAGEPATH: ""%PROGRAM FILES%\CLAPOLY\GHZDBGNIBISHEMERGE.EXE" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\DisplayName: "Ghuzaqujus Debuger"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\WOW64: 0x00000001
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\ObjectName: "LocalSystem"
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\DelayedAutostart: 0x00000001
HKLM\System\CurrentControlSet\Services\ghzDbgNibishemerge.exe\Description: "Upload the info when Ghuzaqujus crash, make the next version more stable."
Related Files:
%PROGRAM FILES%\4CDC5761-1472494092-11E4-A26A-F0761CB65F67\VNSMB0AC.TMP
%PROGRAM FILES%\CLAPOLY\GHZDBGCEJEPY.EXE
%PROGRAM FILES%\CLAPOLY\GHZDBGNIBISHEMERGE.EXE
%PROGRAM FILES%\CLAPOLY\KWRENG.DLL
%PROGRAM FILES%\CLAPOLY\MSVCR100.DLL
The file GHZDBGNIBISHEMERGE.EXE is malware related.
You must delete the file GHZDBGNIBISHEMERGE.EXE immediately!
Delete the file GHZDBGNIBISHEMERGE.EXE without delay!
Kill the process GHZDBGNIBISHEMERGE.EXE and remove GHZDBGNIBISHEMERGE.EXE from the Windows startup.
GHZDBGNIBISHEMERGE.EXE is related to: a variant of Win32/Obfuscated.NHY, GHZDBGNIBISHEMERGE.EXE.
Virustotal = 3/58
MD5 = 53B27FC823317074A6DC58A84B8E99DE
File Size: 436376
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.