referat.exe - Dangerous

referat.exe

Manual removal instructions:

Antivirus Report of referat.exe:
referat.exe: Malware
referat.exe: Dangerous
referat.exe: High Risk
We suggest that you remove CMedia.dll from your computer as soon as possible.
CMedia.dll is Adware.
Kill the file CMedia.dll and remove CMedia.dll from Windows startup.

Malware dropper: referat.exe
Removed: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
-------------------------------------------------------------------------------------
Classification:
Code:

Antivirus   Version       Last Update   Result
F-Secure    8.0.14470.0   2009.10.05    -
Kaspersky   7.0.0.125     2009.10.05    -
McAfee      5761          2009.10.04    -
Microsoft   1.5101        2009.10.05    -
NOD32       4479          2009.10.04    -
Symantec    1.4.4.12      2009.10.05    -

Additional information
File size: 2555392 bytes
MD5...: 7322d8a4aebb0149bdf9845a08be2457
SHA1..: 28c39dee132265df583ddde6580a824a39654d8a

Detected by UnHackMe:

Item Name: CMedia
Author: CMedia
Related File: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
Type: Shell Icon Overlay Handlers

Registry values added:
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\VersionIndependentProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\ProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\: "C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\CMedia\: "{6B830884-20E3-4AB6-B672-2629F0F72071}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B830884-20E3-4AB6-B672-2629F0F72071}: "CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\DisplayName: "Ainooi e oneiaii aanieaoiiio eiioaioo CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\UninstallString: "C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe"

Files added: 23
----------------------------------
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dat
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\0.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\1.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\10.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\11.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\12.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\13.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\14.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\15.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\2.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\3.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\4.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\5.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\6.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\7.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\8.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\9.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\feed.xml
C:\Documents and Settings\Administrator\Application Data\CMedia\g.fla
C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.