Remove HAO123JUZI.EXE malware
HAO123JUZI.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of HAO123JUZI.EXE:
hao123juzi.exe
Full path on a computer: %APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE
Autostart registry keys:
HKLM\SOFTWARE\CLASSES\HAO123CHPROGID\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HAO123CHPROGID\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTML\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTML\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\HAO123JUZIBROWSER.EXE\SHELL\OPEN\COMMAND\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKLM\Software\Microsoft\Windows\Windows Error Reporting\ExcludedApplications\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66C90826-4384-4020-AA28-D3A4FA5FD31F}\AppName: "hao123Juzi.exe"
HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F552F265-6686-4422-84E5-C695E35D863A}\AppName: "hao123Juzi.exe"
HKCU\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5108fab9_0\: "{2}.\\?\hdaudio#func_01&ven_10ec&dev_0235&subsys_17aa381d&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Users\test\AppData\Roaming\hao123JuziBrowser\hao123Juzi.exe%b{00000000-0000-0000-0000-000000000000}"
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_QME_FOR_TOPLEVEL_DOCS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_LEGACY_JSCRIPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TABBED_BROWSING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\hao123Juzi.exe: 0x0000000C
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\hao123Juzi.exe: 0x0000000C
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LAYOUT9_QUIRKS_EMULATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_WEB_CONTROL_VISUALS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\hao123Juzi.exe: 0x00002AF8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5E2255C-66FA-4187-8EB6-5176247C4723}\DISPLAYICON: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\HAO123JUZIBROWSER.EXE\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKLM\SOFTWARE\CLASSES\HTMLFILE\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\HTMLFILE\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HTTP\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HTTPS\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTM\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTM\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.MHT\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\MHTMLFILE\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\MHTMLFILE\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
Related Files:
%APPDATA%\HAO123\1.0.5.1037\KRLDR.DAT
%APPDATA%\HAO123\HSERVICE.EXE
%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE
%APPDATA%\HAO123JUZIBROWSER\INSTALLER\ADBEPT.DAT
%APPDATA%\HAO123JUZIBROWSER\INSTALLER\ADBRAW.DAT
The file HAO123JUZI.EXE is malware related.
You must delete the file HAO123JUZI.EXE immediately!
Delete the file HAO123JUZI.EXE without delay!
Kill the process HAO123JUZI.EXE and remove HAO123JUZI.EXE from the Windows startup.
HAO123JUZI.EXE is related to: Generic.7E6, HAO123JUZI.EXE.
Virustotal = 3/56
MD5 = 8DDDEC044D227773042D6B4BF1FB7462
File Size: 4623352
File information:
OriginalFilename: hao123Juzi.exe
FileDescription: hao123?????
InternalName: hao123Juzi.exe
CompanyName: 123Juzi.COM
LegalCopyright: Copyright @ 2016 123Juzi.COM. All Rights Reserved.
| HAO123JUZI.EXE | Malware |
| HAO123JUZI.EXE | Dangerous |
| HAO123JUZI.EXE | High Risk |
Autostart registry keys:
HKLM\SOFTWARE\CLASSES\HAO123CHPROGID\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HAO123CHPROGID\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTML\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTML\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\HAO123JUZIBROWSER.EXE\SHELL\OPEN\COMMAND\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKLM\Software\Microsoft\Windows\Windows Error Reporting\ExcludedApplications\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66C90826-4384-4020-AA28-D3A4FA5FD31F}\AppName: "hao123Juzi.exe"
HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F552F265-6686-4422-84E5-C695E35D863A}\AppName: "hao123Juzi.exe"
HKCU\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5108fab9_0\: "{2}.\\?\hdaudio#func_01&ven_10ec&dev_0235&subsys_17aa381d&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Users\test\AppData\Roaming\hao123JuziBrowser\hao123Juzi.exe%b{00000000-0000-0000-0000-000000000000}"
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_QME_FOR_TOPLEVEL_DOCS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_LEGACY_JSCRIPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TABBED_BROWSING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\hao123Juzi.exe: 0x0000000C
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\hao123Juzi.exe: 0x0000000C
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LAYOUT9_QUIRKS_EMULATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_WEB_CONTROL_VISUALS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\hao123Juzi.exe: 0x00002AF8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION\hao123Juzi.exe: 0x00000000
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\hao123Juzi.exe: 0x00000001
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5E2255C-66FA-4187-8EB6-5176247C4723}\DISPLAYICON: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\HAO123JUZIBROWSER.EXE\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE"
HKLM\SOFTWARE\CLASSES\HTMLFILE\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\HTMLFILE\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HTTP\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\HTTPS\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTM\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.HTM\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
HKLM\SOFTWARE\CLASSES\IE.ASSOCFILE.MHT\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\MHTMLFILE\DEFAULTICON\: "%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE,1"
HKLM\SOFTWARE\CLASSES\MHTMLFILE\SHELL\OPEN\COMMAND\: ""%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE" "%1""
Related Files:
%APPDATA%\HAO123\1.0.5.1037\KRLDR.DAT
%APPDATA%\HAO123\HSERVICE.EXE
%APPDATA%\HAO123JUZIBROWSER\HAO123JUZI.EXE
%APPDATA%\HAO123JUZIBROWSER\INSTALLER\ADBEPT.DAT
%APPDATA%\HAO123JUZIBROWSER\INSTALLER\ADBRAW.DAT
The file HAO123JUZI.EXE is malware related.
You must delete the file HAO123JUZI.EXE immediately!
Delete the file HAO123JUZI.EXE without delay!
Kill the process HAO123JUZI.EXE and remove HAO123JUZI.EXE from the Windows startup.
HAO123JUZI.EXE is related to: Generic.7E6, HAO123JUZI.EXE.
Virustotal = 3/56
MD5 = 8DDDEC044D227773042D6B4BF1FB7462
File Size: 4623352
File information:
OriginalFilename: hao123Juzi.exe
FileDescription: hao123?????
InternalName: hao123Juzi.exe
CompanyName: 123Juzi.COM
LegalCopyright: Copyright @ 2016 123Juzi.COM. All Rights Reserved.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.