Remove THPTION.EXE malware
THPTION.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of THPTION.EXE:
thption.exe
Full path on a computer: %PROGRAM FILES%\YESBND\THPTION.EXE
Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\8: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\GOOGLE\CHROME\APPLICATION\CHROME.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\9: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MOZILLA FIREFOX.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\MOZILLA FIREFOX\FIREFOX.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\24: '%START MENU%\PROGRAMS\INTERNET QUICK ACCESS\INTERNET QUICK ACCESS.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%LOCAL APPDATA%\CHROMIUM\APPLICATION\CHROME.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\25: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\GOOGLE\CHROME\APPLICATION\CHROME.EXE"'
Related Files:
%PROGRAM FILES%\YESBND\FFEUTER.EXE
%PROGRAM FILES%\YESBND\MBAT.EXE
%PROGRAM FILES%\YESBND\THPTION.EXE
%PROGRAM FILES%\YESBND\UNINST.EXE
%PROGRAM FILES%\YESBND\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
THPTION.EXE is High Risk Trojan.
THPTION.EXE must be removed immediately!
It can used for stealing bank information and users passwords.
THPTION.EXE can download malicious software from hacker's web sites.
THPTION.EXE allow someone to connect to your computer remotely.
THPTION.EXE is related to: Win32.Trojan.WisdomEyes.151026.9950.9981, THPTION.EXE.
Virustotal = 4/57
MD5 = 474737A2D87676A9D1BE5A21357D5C3A
File Size: 796240
THPTION.EXE | Malware |
THPTION.EXE | Dangerous |
THPTION.EXE | High Risk |
Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\8: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\GOOGLE\CHROME\APPLICATION\CHROME.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\9: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MOZILLA FIREFOX.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\MOZILLA FIREFOX\FIREFOX.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\24: '%START MENU%\PROGRAMS\INTERNET QUICK ACCESS\INTERNET QUICK ACCESS.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%LOCAL APPDATA%\CHROMIUM\APPLICATION\CHROME.EXE"'
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC\25: '%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOOGLE CHROME.LNK %PROGRAM FILES%\YESBND\THPTION.EXE {9D6B0768-E83D-4038-92F2-8BECC069254F} "%PROGRAM FILES%\GOOGLE\CHROME\APPLICATION\CHROME.EXE"'
Related Files:
%PROGRAM FILES%\YESBND\FFEUTER.EXE
%PROGRAM FILES%\YESBND\MBAT.EXE
%PROGRAM FILES%\YESBND\THPTION.EXE
%PROGRAM FILES%\YESBND\UNINST.EXE
%PROGRAM FILES%\YESBND\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
THPTION.EXE is High Risk Trojan.
THPTION.EXE must be removed immediately!
It can used for stealing bank information and users passwords.
THPTION.EXE can download malicious software from hacker's web sites.
THPTION.EXE allow someone to connect to your computer remotely.
THPTION.EXE is related to: Win32.Trojan.WisdomEyes.151026.9950.9981, THPTION.EXE.
Virustotal = 4/57
MD5 = 474737A2D87676A9D1BE5A21357D5C3A
File Size: 796240
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.