xptuhcq.dll - Dangerous

Manual removal instructions:

Antivirus Report of xptuhcq.dll:
xptuhcq.dll: Malware, Dangerous, High Risk
We suggest that you remove xptuhcq.dll from your computer as soon as possible.
xptuhcq.dll is a Trojan/Backdoor.
Kill the file xptuhcq.dll and remove xptuhcq.dll from Windows startup.

File: cq.exe (C:\sand-box\cq.exe)

Classification:
Antivirus     Version       Last Update   Result
Avast         4.8.1335.0    2009.07.01    Win32:Trojan-gen {Other}
AVG           8.5.0.386     2009.07.01    Downloader.Agent
BitDefender   7.2           2009.07.02    Trojan.Agent.AKDQ
Comodo        1537          2009.07.01    -
DrWeb         5.0.0.12182   2009.07.02    BackDoor.Pigeon.origin
F-Secure      8.0.14470.0   2009.07.02    Trojan-GameThief.Win32.OnLineGames.uaed
Kaspersky     7.0.0.125     2009.07.02    Trojan-GameThief.Win32.OnLineGames.uaed
Microsoft     1.4803        2009.07.01    PWS:Win32/Yokoyou.A
NOD32         4206          2009.07.02    probably a variant of Win32/Genetik
Symantec      1.4.4.12      2009.07.02    Infostealer.Gampass

Additional information
File size: 19850 bytes
MD5 : 1dba0aa5b1c9816bb99e4939102d4fb3
SHA1 : 349e2e2d9c2463c75c9a51280a72fd19c7d00743

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}
HKLM\SOFTWARE\Classes\CLSID\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}\InProcServer32

----------------------------------
Values added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}\InProcServer32\: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xptuhcq.dll"
HKLM\SOFTWARE\Classes\CLSID\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}\InProcServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}\: "Odfink.Abceab.1"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C51C4AFB-2A3A-6C2E-BA41-C10F02760731}: ""

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\xptuhcq.dll

----------------------------------
Files deleted:2
----------------------------------
C:\sand-box\cq.exe
C:\WINDOWS\system32\verclsid.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:9
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {C51C4AFB-2A3A-6C2E-BA41-C10F02760731}
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xptuhcq.dll
Type: Shell Execute Hooks

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
