We received the file ESEEKYSETTINGSWATCHER.EXE and detected that ESEEKYSETTINGSWATCHER.EXE is not good.
ESEEKYSETTINGSWATCHER.EXE is Adware. You should remove the file ESEEKYSETTINGSWATCHER.EXE.
Kill the process ESEEKYSETTINGSWATCHER.EXE and remove ESEEKYSETTINGSWATCHER.EXE from Windows.
Malware Analysis of ESEEKYSETTINGSWATCHER.EXE
Full path on a computer: %Local Appdata%\Programs\Zugara Investment\Eseeky\EseekySettingsWatcher.exe
Detected by UnHackMe:
ESEEKYSETTINGSWATCHER.EXE
Default location: %Local Appdata%\Programs\Zugara Investment\Eseeky\EseekySettingsWatcher.exe
Removal Results: Success
Number of reboot: 1
ESEEKYSETTINGSWATCHER.EXE is known as:
Adware.PUP.Eseeky
ESEEKYSETTINGSWATCHER.EXE hash:
- MD5: 76079b23c41e7b7cce2ed12f0f46efc6
The file tries to connect to the dangerous web site.
How to quickly detect ESEEKYSETTINGSWATCHER.EXE presence?
Image may be NSFW.
Clik here to view.
Registry:
Clik here to view.
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\EseekySettingsWatcher: “%Local Appdata%\Programs\Zugara Investment\Eseeky\EseekySettingsWatcher.exe”
Image may be NSFW.
Clik here to view.Folders:
Clik here to view.
Folders:- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl
- %Local Appdata%\Programs
- %Local Appdata%\Programs\Zugara Investment
- %Local Appdata%\Programs\Zugara Investment\Eseeky
- %Local Appdata%\Programs\Zugara Investment\Eseeky\sqldrivers
- %Temp%\is-8DNP2.tmp
- %Temp%\is-8DNP2.tmp\ChromeExtension
- %Temp%\is-8DNP2.tmp\enhancer
- %Temp%\is-8DNP2.tmp\enhancer\sqldrivers
- %Temp%\is-8DNP2.tmp\IEExtension
- %Temp%\is-8DNP2.tmp\MSVC
- %Temp%\is-8DNP2.tmp\service
- %Temp%\is-8DNP2.tmp\_isetup
- %Temp%\is-IIVR7.tmp
- %Temp%\is-J31C5.tmp
- %Program Files%\Pirrit
- %Program Files%\Pirrit\IEExtension
Image may be NSFW.
Clik here to view.Files:
Clik here to view.
Files:- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\suggestor@pirrit.com.xpi
- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins\eseeky-search.xml
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\background.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\icon_128.png
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\inject.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\jquery.min.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\manifest.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\en\messages.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc\_locales\pl\messages.json
- %Local Appdata%\Programs\Zugara Investment\Eseeky\BrowserEnhancer.exe
- %Local Appdata%\Programs\Zugara Investment\Eseeky\EseekySettingsWatcher.exe
- %Local Appdata%\Programs\Zugara Investment\Eseeky\msvcp100.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\msvcr100.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\qjson0.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\QtCore4.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\QtGui4.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\QtNetwork4.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\QtSql4.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\sqldrivers\qsqlite4.dll
- %Local Appdata%\Programs\Zugara Investment\Eseeky\unins000.dat
- %Local Appdata%\Programs\Zugara Investment\Eseeky\unins000.exe
- %Temp%\copiedFile.bat
- %Temp%\is-8DNP2.tmp\ChangeHomepageAndTab.bat
- %Temp%\is-8DNP2.tmp\ChangeSearch.bat
- %Temp%\is-8DNP2.tmp\ChromeExtension\ammfplfdkakimnibcghcebgbiiphabgc.txt
- %Temp%\is-8DNP2.tmp\enhancer\BrowserEnhancer.exe
- %Temp%\is-8DNP2.tmp\enhancer\msvcp100.dll
- %Temp%\is-8DNP2.tmp\enhancer\msvcr100.dll
- %Temp%\is-8DNP2.tmp\enhancer\qjson0.dll
- %Temp%\is-8DNP2.tmp\enhancer\QtCore4.dll
- %Temp%\is-8DNP2.tmp\enhancer\QtSql4.dll
- %Temp%\is-8DNP2.tmp\enhancer\sqldrivers\qsqlite4.dll
- %Temp%\is-8DNP2.tmp\IEExtension\Config.json
- %Temp%\is-8DNP2.tmp\IEExtension\IEExtension.dll
- %Temp%\is-8DNP2.tmp\IEExtension\install.bat
- %Temp%\is-8DNP2.tmp\IEExtension\Microsoft.mshtml.dll
- %Temp%\is-8DNP2.tmp\IEExtension\Newtonsoft.Json.dll
- %Temp%\is-8DNP2.tmp\InstallPirrit.bat
- %Temp%\is-8DNP2.tmp\InstallPirritPluginOnly.bat
- %Temp%\is-8DNP2.tmp\InstallPirritPluginWithService.bat
- %Temp%\is-8DNP2.tmp\InstallPirritUpdater.bat
- %Temp%\is-8DNP2.tmp\itdownload.dll
- %Temp%\is-8DNP2.tmp\MSVC\msvcp100.dll
- %Temp%\is-8DNP2.tmp\MSVC\msvcr100.dll
- %Temp%\is-8DNP2.tmp\pirrit.zip
- %Temp%\is-8DNP2.tmp\service\AutoUpdater.exe
- %Temp%\is-8DNP2.tmp\service\QtNetwork4.dll
- %Temp%\is-8DNP2.tmp\unzip.exe
- %Temp%\is-8DNP2.tmp\_isetup\_shfoldr.dll
- %Temp%\is-IIVR7.tmp\PirritSuggestor.tmp
- %Temp%\is-J31C5.tmp\Eseeky Search.exe
- %Temp%\is-J31C5.tmp\PirritSuggestor.exe
- %Program Files%\Pirrit\IEExtension\IEExtension.dll
- %Program Files%\Pirrit\IEExtension\Microsoft.mshtml.dll
- %Program Files%\Pirrit\IEExtension\Newtonsoft.Json.dll