udpioz64.exe - Dangerous
Manual removal instructions:
Antivirus Report of udpioz64.exe:
We suggest that you remove nal1wgw0.exe from your computer as soon as possible.
nal1wgw0.exe is a Trojan/Backdoor.
Kill the process nal1wgw0.exe and remove nal1wgw0.exe from Windows startup.
Malware dropper: setup.exe
Removed: SoftSafenessSvc.exe, nal1wgw0.exe
-------------------------------------------------------------------------------------
Classification:
Antivirus    Version      Last Update  Result
Avast        4.8.1351.0   2009.09.14   -
AVG          8.5.0.412    2009.09.14   -
BitDefender  7.2          2009.09.15   -
Comodo       2323         2009.09.15   -
DrWeb        5.0.0.12182  2009.09.15   -
F-Secure     8.0.14470.0  2009.09.15   -
Kaspersky    7.0.0.125    2009.09.15   -
Microsoft    1.5005       2009.09.15   -
NOD32        4425         2009.09.14   -
Symantec     1.4.4.12     2009.09.15   -
Additional information
File size: 61265 bytes
MD5...: 2cc0bafc0c5121e6b53b6139c1482f8f
SHA1..: f4eb14bbabc4130015a77c9a2f9e858c13d048ca
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys deleted:1
----------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
----------------------------------
Keys added:8
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness
HKLM\SOFTWARE\SoftSafeness
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\Security
HKCU\Software\SoftSafeness
----------------------------------
Values deleted:0
----------------------------------
----------------------------------
Values added:28
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "SoftSafeness.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x42C927D4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\cf: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\tr: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness\DisplayName: "SoftSafeness"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness\UninstallString: ""C:\Program Files\SoftSafeness Software\SoftSafeness\uninstall.exe""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness\NoModify: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness\NoRepair: 0x00000001
HKLM\SOFTWARE\SoftSafeness\Lang: "English"
HKLM\SOFTWARE\SoftSafeness\Install_Dir: "C:\Program Files\SoftSafeness Software\SoftSafeness"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\Service: "SoftSafenessSvc"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\0000\DeviceDesc: "SoftSafeness Security Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\Type: 0x00000010
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\ImagePath: "C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafenessSvc.exe"
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\DisplayName: "SoftSafeness Security Service"
HKLM\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc\ObjectName: "LocalSystem"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\nal1wgw0.exe: "C:\WINDOWS\system32\nal1wgw0.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SoftSafeness: "C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe -min"
HKCU\Software\SoftSafeness\CurrentVersion: "771eb5b6f272744584a5567cff88f8a7488db9ff725819bf101e13a05be2b81fa0a1b07e8710a4b241c97b55c9b466298c3486f666dfd2ed819ce519df95b07cbec8852cfbf64087887d3ab4aa2590860751ef0196eb00986cd805f60f292dd71e3468d6ee2dc2042c26b2c4032dc7c0"
HKCU\Software\SoftSafeness\AgentsSettings: 0x00000001
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:737
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\nal1wgw0.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd3.tmp\time.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv5.tmp\nsProcess.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv5.tmp\nsSCM.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\udpioz64.exe
C:\Documents and Settings\All Users\Desktop\SoftSafeness.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\1 SoftSafeness.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\3 Uninstall.lnk
C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe
C:\Program Files\SoftSafeness Software\SoftSafeness\uninstall.exe
C:\WINDOWS\system32\10063not-z-viru953f.dll
C:\WINDOWS\system32\101z9spy552.bin
C:\WINDOWS\system32\10531trzj9f5.bin
/.../
C:\WINDOWS\ze05spy95re916.cpl
C:\WINDOWS\zf93downloa5er54.cpl
C:\WINDOWS\zfb6v5r3159.dll
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:5
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv5.tmp
C:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness
C:\Program Files\SoftSafeness Software
C:\Program Files\SoftSafeness Software\SoftSafeness
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:779
----------------------------------
-------------------------------------------------------------------------------------
Internet activity:
HTTP GET http://www.softsafeness.com/softsafeness...
HTTP GET http://www.softsafeness.com/softsafeness...
HTTP POST http://www.softsafeness.com/report
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: SoftSafenessSvc
Author:
Related File: C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafenessSvc.exe
Type: Auto Services
Item Name: nal1wgw0.exe
Author: Microsoft Corporation
Related File: C:\WINDOWS\system32\nal1wgw0.exe
Type: Registry Run
Item Name: SoftSafeness
Author: Microsoft Corporation
Related File: C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe -min
Type: Registry Run
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
udpioz64.exe | Malware |
udpioz64.exe | Dangerous |
udpioz64.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.