YHB_SERVICE.EXE is Backdoor Nbdd

March 27, 2014, 6:38 am

≫ Next: 3DPARTYMODULE.EXE is Trojan Hllw

≪ Previous: WMI.VBS is Trojan Win32.Inject.kdfy

The program YHB_SERVICE.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with YHB_SERVICE.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of YHB_SERVICE.EXE
Full path on a computer: %Common Appdata%\yhb\yhb_service.exe

Detected by UnHackMe:

YHB_SERVICE.EXE
Default location: %Common Appdata%\yhb\yhb_service.exe

Removal Results: Success
Number of reboot: 1

YHB_SERVICE.EXE is known as:

Backdoor.Nbdd

YHB_SERVICE.EXE hash:

MD5: 7cefcbc9ae21f8748cf1e7e4acb6a26f

The file tries to download information from some web sites.

How to quickly detect YHB_SERVICE.EXE presence?

Registry:

HKLM\Software\Classes\CLSID\{D2E1E807-380C-48E6-B39E-226945AE6364}\InprocServer32\: “%Common Appdata%\yhb\yhb32.dll”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yhb: “”%Common Appdata%\yhb\yhb_service.exe” start”
HKLM\System\CurrentControlSet\Services\yhbUpdate\ImagePath: “%Common Appdata%\yhb\yhb.exe”
HKLM\System\CurrentControlSet\Services\yhbUpdate\DisplayName: “yhb Server”

Folders:

%Common Appdata%\yhb

Files:

%Common Appdata%\yhb\config.ini
%Common Appdata%\yhb\CoreIo.dll
%Common Appdata%\yhb\modhp.dll
%Common Appdata%\yhb\SE_P100.dll
%Common Appdata%\yhb\so_core.dll
%Common Appdata%\yhb\ToolOper.dll
%Common Appdata%\yhb\Update.exe
%Common Appdata%\yhb\Update_uni.exe
%Common Appdata%\yhb\yhb.exe
%Common Appdata%\yhb\yhb32.dll
%Common Appdata%\yhb\yhb64.dll
%Common Appdata%\yhb\yhb_core.dll
%Common Appdata%\yhb\yhb_service.exe

↧

3DPARTYMODULE.EXE is Trojan Hllw

March 27, 2014, 9:50 am

≫ Next: APLIB64.DLL is Trojan Muldrop5

≪ Previous: YHB_SERVICE.EXE is Backdoor Nbdd

The file 3DPARTYMODULE.EXE is malware related.
You must delete the file 3DPARTYMODULE.EXE immediately!
Delete the file 3DPARTYMODULE.EXE without delay!
Kill the process 3DPARTYMODULE.EXE and remove 3DPARTYMODULE.EXE from the Windows startup.

Malware Analysis of 3DPARTYMODULE.EXE
Full path on a computer: %APPDATA%\3DPARTYMODULE.EXE

Detected by UnHackMe:

3DPARTYMODULE.EXE
Default location: %APPDATA%\3DPARTYMODULE.EXE

Removal Results: Success
Number of reboot: 1

3DPARTYMODULE.EXE is known as:

Trojan Hllw

How to quickly detect 3DPARTYMODULE.EXE presence?

Files:

%WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\ENTERPRISESEC.CONFIG.CCH.NEW
%WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\SECURITY.CONFIG.CCH.NEW
%APPDATA%\3DPARTYMODULE.EXE

↧

APLIB64.DLL is Trojan Muldrop5

March 27, 2014, 9:50 am

≫ Next: CCSE.EXE is Trojan Downloader

≪ Previous: 3DPARTYMODULE.EXE is Trojan Hllw

The file APLIB64.DLL is malware related.
You must delete the file APLIB64.DLL immediately!
Delete the file APLIB64.DLL without delay!
Kill the process APLIB64.DLL and remove APLIB64.DLL from the Windows startup.

Malware Analysis of APLIB64.DLL
Full path on a computer: %TEMP%\APLIB64.DLL

Detected by UnHackMe:

APLIB64.DLL
Default location: %TEMP%\APLIB64.DLL

Removal Results: Success
Number of reboot: 1

APLIB64.DLL is known as:

Trojan.Muldrop5

How to quickly detect APLIB64.DLL presence?

Files:

%TEMP%\APLIB64.DLL
\CLIENT.DLL
%TEMP%\ZLIB1.DLL
%TEMP%\APLIB.DLL

↧

CCSE.EXE is Trojan Downloader

March 27, 2014, 9:50 am

≫ Next: CLEEN.EXE is Trojan Downloader

≪ Previous: APLIB64.DLL is Trojan Muldrop5

We checked some samples of CCSE.EXE and detected the file CCSE.EXE as threat.
Remove the CCSE.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of CCSE.EXE
Full path on a computer: %TEMP%\CCSE.EXE

Detected by UnHackMe:

CCSE.EXE
Default location: %TEMP%\CCSE.EXE

Removal Results: Success
Number of reboot: 1

CCSE.EXE is known as:

Trojan Downloader

How to quickly detect CCSE.EXE presence?

Files:

%TEMP%\CCSE.EXE
%TEMP%\37.EXE

↧

CLEEN.EXE is Trojan Downloader

March 27, 2014, 9:50 am

≫ Next: HWHEJ.EXE is Trojan Hllw

≪ Previous: CCSE.EXE is Trojan Downloader

The file CLEEN.EXE can destroy your system, thus making the computer to work abnormally.
CLEEN.EXE is a dangerous file.
RemoveCLEEN.EXE from your computer immediately.
Kill the process CLEEN.EXE and remove CLEEN.EXE from the Windows startup.

Malware Analysis of CLEEN.EXE
Full path on a computer: %SYSTEMDRIVE%\EXTRACTED\CLEEN.EXE

Detected by UnHackMe:

CLEEN.EXE
Default location: %SYSTEMDRIVE%\EXTRACTED\CLEEN.EXE

Removal Results: Success
Number of reboot: 1

CLEEN.EXE is known as:

Trojan Downloader

How to quickly detect CLEEN.EXE presence?

Files:

%WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\SECURITY.CONFIG.CCH.NEW
%WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CONFIG\ENTERPRISESEC.CONFIG.CCH.NEW
%TEMP%\YAHOO.EXE
%TEMP%\SFX.INI
%SYSTEMDRIVE%\EXTRACTED\CLEEN.EXE

↧

HWHEJ.EXE is Trojan Hllw

March 27, 2014, 9:50 am

≫ Next: LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF is Trojan Hllw

≪ Previous: CLEEN.EXE is Trojan Downloader

The file HWHEJ.EXE can destroy your system, thus making the computer to work abnormally.
HWHEJ.EXE is a dangerous file.
RemoveHWHEJ.EXE from your computer immediately.
Kill the process HWHEJ.EXE and remove HWHEJ.EXE from the Windows startup.

Malware Analysis of HWHEJ.EXE
Full path on a computer: %PROFILE%\HWHEJ.EXE

Detected by UnHackMe:

HWHEJ.EXE
Default location: %PROFILE%\HWHEJ.EXE

Removal Results: Success
Number of reboot: 1

HWHEJ.EXE is known as:

Trojan Hllw

How to quickly detect HWHEJ.EXE presence?

Files:

%PROFILE%\C\SECRET.EXE
%PROFILE%\C\SEXY.EXE
%PROFILE%\C\RCXD.TMP
%PROFILE%\C\AUTORUN.INF
%PROFILE%\HWHEJ.EXE

↧

LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF is Trojan Hllw

March 27, 2014, 9:50 am

≫ Next: OMF2D.EXE is Trojan Artemis

≪ Previous: HWHEJ.EXE is Trojan Hllw

Is the file LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF located on your computer? Then your computer is infected.
We do suggest you should remove LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF from your computer as soon as possible.
LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF is Trojan/Backdoor.
Kill the process LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF and remove LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF from the Windows startup.

Malware Analysis of LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF
Full path on a computer: %TEMP%\647970497E82693F73\LIBROS\LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF

Detected by UnHackMe:

LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF
Default location: %TEMP%\647970497E82693F73\LIBROS\LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF

Removal Results: Success
Number of reboot: 1

LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF is known as:

Trojan Hllw

How to quickly detect LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF presence?

Files:

%TEMP%\647970497E82693F73\JUEGOS\GTA SAN ANDREAS EXTREME EDITION 2011.COM
%TEMP%\647970497E82693F73\JUEGOS\MAGICKA-SKIDROW.COM
%TEMP%\647970497E82693F73\JUEGOS\ROME TOTAL WAR.COM
%TEMP%\647970497E82693F73\JUEGOS\THE.SIMS.3.OUTDOOR.LIVING.STUFF-FLT-[TRACKER.BTARENA.ORG].ISO.COM
%TEMP%\647970497E82693F73\LIBROS\LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF

↧

OMF2D.EXE is Trojan Artemis

March 27, 2014, 9:50 am

≫ Next: S0UG0U.EXE is Trojan Pws

≪ Previous: LANGUAGE LEARNING PACKS COLLECTION (VOL. 2).DOC.PIF is Trojan Hllw

The file OMF2D.EXE is identified as a virus dropper.
The dropper OMF2D.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file OMF2D.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the OMF2D.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the OMF2D.EXE process and delete the file OMF2D.EXE.

Malware Analysis of OMF2D.EXE
Full path on a computer: %TEMP%\BIN\OMF2D.EXE

Detected by UnHackMe:

OMF2D.EXE
Default location: %TEMP%\BIN\OMF2D.EXE

Removal Results: Success
Number of reboot: 1

OMF2D.EXE is known as:

Trojan Artemis

OMF2D.EXE hash:

MD5: BD0683C8EEFEC853AE1EC03788E20BB1

How to quickly detect OMF2D.EXE presence?

Files:

%TEMP%\OLD\0.0.3\BIN\COMPILE.BAT
%TEMP%\BIN\DCC32.EXE
%TEMP%\BIN\LINK.EXE
%TEMP%\BIN\MSPDB70.DLL
%TEMP%\BIN\OMF2D.EXE

↧

S0UG0U.EXE is Trojan Pws

March 27, 2014, 9:50 am

≫ Next: TASKLIB.DLL is Trojan Muldrop3

≪ Previous: OMF2D.EXE is Trojan Artemis

The file S0UG0U.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete S0UG0U.EXE we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of S0UG0U.EXE
Full path on a computer: %TEMP%\S0UG0U.EXE

Detected by UnHackMe:

S0UG0U.EXE
Default location: %TEMP%\S0UG0U.EXE

Removal Results: Success
Number of reboot: 1

S0UG0U.EXE is known as:

Trojan.Pws

How to quickly detect S0UG0U.EXE presence?

Files:

%TEMP%\GAMEUPDATE.BAT
%TEMP%\S0UG0U.EXE

↧

TASKLIB.DLL is Trojan Muldrop3

March 27, 2014, 9:50 am

≫ Next: TESTDOS.DLL is Trojan Downloader

≪ Previous: S0UG0U.EXE is Trojan Pws

We checked up the file TASKLIB.DLL and found it hazardous.
The file TASKLIB.DLL must be deleted from the system immediately.
Kill the process TASKLIB.DLL and remove TASKLIB.DLL from the Windows startup.

Malware Analysis of TASKLIB.DLL
Full path on a computer: \TASKLIB.DLL

Detected by UnHackMe:

TASKLIB.DLL
Default location: \TASKLIB.DLL

Removal Results: Success
Number of reboot: 1

TASKLIB.DLL is known as:

Trojan.Muldrop3

How to quickly detect TASKLIB.DLL presence?

Files:

\APACH.DLL
%TEMP%\NSB2.TMP
\FILELIB\3
\LOOKPROCESS.DLL
\TASKLIB.DLL

↧

TESTDOS.DLL is Trojan Downloader

March 27, 2014, 9:50 am

≫ Next: ZINME.DLL is Trojan Muldrop3

≪ Previous: TASKLIB.DLL is Trojan Muldrop3

The file TESTDOS.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete TESTDOS.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of TESTDOS.DLL
Full path on a computer: %WINDIR%\TESTDOS.DLL

Detected by UnHackMe:

TESTDOS.DLL
Default location: %WINDIR%\TESTDOS.DLL

Removal Results: Success
Number of reboot: 1

TESTDOS.DLL is known as:

Trojan Downloader

How to quickly detect TESTDOS.DLL presence?

Files:

%TEMP%\142015.BAT
%WINDIR%\TESTDOS.DLL

↧

ZINME.DLL is Trojan Muldrop3

March 27, 2014, 9:50 am

≫ Next: Hot Deals!

≪ Previous: TESTDOS.DLL is Trojan Downloader

The file ZINME.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete ZINME.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of ZINME.DLL
Full path on a computer: \ZINME.DLL

Detected by UnHackMe:

ZINME.DLL
Default location: \ZINME.DLL

Removal Results: Success
Number of reboot: 1

ZINME.DLL is known as:

Trojan.Muldrop3

How to quickly detect ZINME.DLL presence?

Files:

%TEMP%\DW.LOG
%TEMP%\1A582.DMP
\ZINME.DLL
%PROGRAMFILES%\SVCHOST.EXE

↧

Hot Deals!

March 27, 2014, 9:55 am

≫ Next: KingBrowse Deals

≪ Previous: ZINME.DLL is Trojan Muldrop3

Hot Deals! is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove Hot Deals! extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by Hot Deals!.
Hot Deals! is related to: Adware, Search Redirecting.

↧

KingBrowse Deals

March 27, 2014, 10:35 am

≫ Next: EDESKCMN.DLL is Adware D365

≪ Previous: Hot Deals!

KingBrowse Deals is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest you to remove KingBrowse Deals extension from your browser as soon as possible.
Also, you should delete files and registry keys, created by KingBrowse Deals.
KingBrowse Deals is related to: Adware, Search Redirecting.

↧

EDESKCMN.DLL is Adware D365

March 27, 2014, 10:50 am

≫ Next: Related Searches

≪ Previous: KingBrowse Deals

We received the file EDESKCMN.DLL and detected that EDESKCMN.DLL is not good.
EDESKCMN.DLL is Adware. You should remove the file EDESKCMN.DLL.
Kill the process EDESKCMN.DLL and remove EDESKCMN.DLL from Windows.

Malware Analysis of EDESKCMN.DLL
Full path on a computer: %Temp%\Desk365\Desk_365\edeskcmn.dll

Detected by UnHackMe:

EDESKCMN.DLL
Default location: %Temp%\Desk365\Desk_365\edeskcmn.dll

Removal Results: Success
Number of reboot: 1

EDESKCMN.DLL is known as:

Adware.D365

EDESKCMN.DLL hash:

MD5: 4a48cdf55a41fdaaa9dff68c7a448580

The file tries to download information from some web sites.

How to quickly detect EDESKCMN.DLL presence?

Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365\UninstallString: “%Program Files%\Desk 365\eUninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365\DisplayName: “Desk 365″
HKLM\System\CurrentControlSet\Services\desksvc\ImagePath: “%Program Files%\Desk 365\deskSvc.exe”
HKLM\System\CurrentControlSet\Services\desksvc\DisplayName: “Desk 365 service”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Desk 365: “”%Program Files%\Desk 365\desk365.exe” /autorun”

Folders:

%Appdata%\Desk 365
%Temp%\Desk365
%Common Startmenu%\Programs\Desk 365
%Program Files%\Desk 365

Files:

%Temp%\Desk365\Desk_365\ebase.dll
%Temp%\Desk365\Desk_365\edeskcmn.dll
%Temp%\Desk365\Desk_365\eDhelper.exe
%Temp%\Desk365\Desk_365\eDhelper64.exe
%Temp%\Desk365\Desk_365\edis.dll
%Temp%\Desk365\Desk_365\edis64.dll
%Temp%\Desk365\Desk_365\ElexDbg.dll
%Temp%\Desk365\Desk_365\enotify.dll
%Temp%\Desk365\Desk_365\eUninstall.exe

↧

Websearch.AmaizingSearches.info

March 27, 2014, 11:55 am

≫ Next: ACTIVEDESKTOP.EXE is Trojan Muldrop5

≪ Previous: Related Searches

Websearch.AmaizingSearches.info web site is claimed in annoying advertisements.
Websearch.AmaizingSearches.info redirect searches, user-entered URLs without clear notification and consent.
Sometimes Websearch.AmaizingSearches.info is installed without a user permission.
Some people have big problems with removing Websearch.AmaizingSearches.info from their computers.
Websearch.AmaizingSearches.info is related to: Adware, Search Redirecting.

↧

ACTIVEDESKTOP.EXE is Trojan Muldrop5

March 27, 2014, 9:36 pm

≫ Next: CRASHREPORTER-OVERRIDE.INI .EXE is Trojan Hllw

≪ Previous: Websearch.AmaizingSearches.info

Is the file ACTIVEDESKTOP.EXE located on your computer? Then your computer is infected.
We do suggest you should remove ACTIVEDESKTOP.EXE from your computer as soon as possible.
ACTIVEDESKTOP.EXE is Trojan/Backdoor.
Kill the process ACTIVEDESKTOP.EXE and remove ACTIVEDESKTOP.EXE from the Windows startup.

Malware Analysis of ACTIVEDESKTOP.EXE
Full path on a computer: %WINDIR%\WEB\WALLPAPER\ACTIVEDESKTOP.EXE

Detected by UnHackMe:

ACTIVEDESKTOP.EXE
Default location: %WINDIR%\WEB\WALLPAPER\ACTIVEDESKTOP.EXE

Removal Results: Success
Number of reboot: 1

ACTIVEDESKTOP.EXE is known as:

Trojan.Muldrop5

How to quickly detect ACTIVEDESKTOP.EXE presence?

Files:

%WINDIR%\WEB\WALLPAPER\MINI\MINI.SWF
%WINDIR%\WEB\WALLPAPER\MINI.HTM
%WINDIR%\WEB\WALLPAPER\ACTIVEDESKTOP.EXE
%WINDIR%\WEB\WALLPAPER\MINI\CALENDER2.SWF

↧

CRASHREPORTER-OVERRIDE.INI .EXE is Trojan Hllw

March 27, 2014, 9:36 pm

≫ Next: EP1KDL20.DLL is Trojan Muldrop5

≪ Previous: ACTIVEDESKTOP.EXE is Trojan Muldrop5

Is the file CRASHREPORTER-OVERRIDE.INI .EXE located on your computer? Then your computer is infected.
We do suggest you should remove CRASHREPORTER-OVERRIDE.INI .EXE from your computer as soon as possible.
CRASHREPORTER-OVERRIDE.INI .EXE is Trojan/Backdoor.
Kill the process CRASHREPORTER-OVERRIDE.INI .EXE and remove CRASHREPORTER-OVERRIDE.INI .EXE from the Windows startup.

Malware Analysis of CRASHREPORTER-OVERRIDE.INI .EXE
Full path on a computer: %PROGRAMFILES%\FIREFOX\CRASHREPORTER-OVERRIDE.INI .EXE

Detected by UnHackMe:

CRASHREPORTER-OVERRIDE.INI .EXE
Default location: %PROGRAMFILES%\FIREFOX\CRASHREPORTER-OVERRIDE.INI .EXE

Removal Results: Success
Number of reboot: 1

CRASHREPORTER-OVERRIDE.INI .EXE is known as:

Trojan Hllw

How to quickly detect CRASHREPORTER-OVERRIDE.INI .EXE presence?

Files:

%WINDIR%\MICROSOFT.NET\FRAMEWORK\V3.5\MICROSOFT .NET FRAMEWORK 3.5 SP1\LOCDATA.1053.INI .EXE
%WINDIR%\MICROSOFT.NET\FRAMEWORK\V3.5\MICROSOFT .NET FRAMEWORK 3.5 SP1\LOCDATA.1055.INI .EXE
%WINDIR%\MICROSOFT.NET\FRAMEWORK\V3.5\MICROSOFT .NET FRAMEWORK 3.5 SP1\LOCDATA.1046.INI .EXE
%WINDIR%\MICROSOFT.NET\FRAMEWORK\V3.5\MICROSOFT .NET FRAMEWORK 3.5 SP1\LOCDATA.1049.INI .EXE
%PROGRAMFILES%\FIREFOX\CRASHREPORTER-OVERRIDE.INI .EXE

↧

EP1KDL20.DLL is Trojan Muldrop5

March 27, 2014, 9:36 pm

≫ Next: HNFGS.DLL is Trojan Pws

≪ Previous: CRASHREPORTER-OVERRIDE.INI .EXE is Trojan Hllw

We checked up the file EP1KDL20.DLL and found it hazardous.
The file EP1KDL20.DLL must be deleted from the system immediately.
Kill the process EP1KDL20.DLL and remove EP1KDL20.DLL from the Windows startup.