referat.exe - Dangerous
referat.exe
Manual removal instructions:
Antivirus Report of referat.exe:
referat.exe
We suggest you to remove CMedia.dll from your computer as soon as possible.
CMedia.dll is Adware.
Kill the file CMedia.dll and remove CMedia.dll from Windows startup.
Malware dropper: referat.exe
Removed: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
F-Secure 8.0.14470.0 2009.10.05 -
Kaspersky 7.0.0.125 2009.10.05 -
McAfee 5761 2009.10.04 -
Microsoft 1.5101 2009.10.05 -
NOD32 4479 2009.10.04 -
Symantec 1.4.4.12 2009.10.05 -
Additional information
File size: 2555392 bytes
MD5...: 7322d8a4aebb0149bdf9845a08be2457
SHA1..: 28c39dee132265df583ddde6580a824a39654d8a
Detected by UnHackMe:
Item Name: CMedia
Author: CMedia
Related File: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
Type: Shell Icon Overlay Handlers
Registry values added:
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\VersionIndependentProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\ProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\: "C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\CMedia\: "{6B830884-20E3-4AB6-B672-2629F0F72071}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B830884-20E3-4AB6-B672-2629F0F72071}: "CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\DisplayName: "Ainooi e oneiaii aanieaoiiio eiioaioo CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\UninstallString: "C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe"
Files added:23
----------------------------------
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dat
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\0.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\1.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\10.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\11.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\12.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\13.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\14.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\15.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\2.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\3.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\4.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\5.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\6.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\7.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\8.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\9.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\feed.xml
C:\Documents and Settings\Administrator\Application Data\CMedia\g.fla
C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe
referat.exe | Malware |
referat.exe | Dangerous |
referat.exe | High Risk |
CMedia.dll is Adware.
Kill the file CMedia.dll and remove CMedia.dll from Windows startup.
Malware dropper: referat.exe
Removed: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
F-Secure 8.0.14470.0 2009.10.05 -
Kaspersky 7.0.0.125 2009.10.05 -
McAfee 5761 2009.10.04 -
Microsoft 1.5101 2009.10.05 -
NOD32 4479 2009.10.04 -
Symantec 1.4.4.12 2009.10.05 -
Additional information
File size: 2555392 bytes
MD5...: 7322d8a4aebb0149bdf9845a08be2457
SHA1..: 28c39dee132265df583ddde6580a824a39654d8a
Detected by UnHackMe:
Item Name: CMedia
Author: CMedia
Related File: C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
Type: Shell Icon Overlay Handlers
Registry values added:
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\VersionIndependentProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\ProgID\: "CMedia"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\: "C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{6B830884-20E3-4AB6-B672-2629F0F72071}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\CMedia\: "{6B830884-20E3-4AB6-B672-2629F0F72071}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B830884-20E3-4AB6-B672-2629F0F72071}: "CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\DisplayName: "Ainooi e oneiaii aanieaoiiio eiioaioo CMedia"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMedia\UninstallString: "C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe"
Files added:23
----------------------------------
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dat
C:\Documents and Settings\Administrator\Application Data\CMedia\CMedia.dll
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\0.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\1.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\10.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\11.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\12.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\13.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\14.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\15.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\2.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\3.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\4.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\5.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\6.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\7.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\8.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\9.jpg
C:\Documents and Settings\Administrator\Application Data\CMedia\Feed\feed.xml
C:\Documents and Settings\Administrator\Application Data\CMedia\g.fla
C:\Documents and Settings\Administrator\Application Data\CMedia\Uninstall.exe
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.