Is the file PPHURUN.DLL located on your computer? Then your computer is infected.
We do suggest you should remove PPHURUN.DLL from your computer as soon as possible.
PPHURUN.DLL is Trojan/Backdoor.
Kill the process PPHURUN.DLL and remove PPHURUN.DLL from the Windows startup.
Malware Analysis of PPHURUN.DLL
Full path on a computer: %Program Files Common%\QQDownload\pphurun.dll
Detected by UnHackMe:
PPHURUN.DLL
Default location: %Program Files Common%\QQDownload\pphurun.dll
Removal Results: Success
Number of reboot: 1
PPHURUN.DLL is known as:
Trojan.Agent.5021504.B, Trojan-Downloader.Agent.xzyo, Trojan.Agent.KbrolvlpJM0, TrojWare.Agent.ucil, Trojan.MulDrop4.627, TR.MiniMal.A.120, TrojanDownloader.Agent.ekdi, Troj.Undef.(kcloud), TrojanDownloader.Qvodd, TrojanDownloader.Agent, probably a variant of Win32.Agent.UCI, Trojan.Killav.4D28, Trojan-Downloader.Agent, W32.Redosdru.BED.tr, Agent4.AMDG
PPHURUN.DLL hash:
- MD5: 2caf637d0fa5f713f5242f5cbc1e85b0
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect PPHURUN.DLL presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\smsofter: “%Program Files Common%\QQDownload\cionme.exe”
- HKLM\System\CurrentControlSet\Services\MSmanage\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\MSmanage\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\MSmanage\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\MSmanage\ImagePath: “%Program Files Common%\QQDownload\pphurun.dll”
- HKLM\System\CurrentControlSet\Services\MSmanage\DisplayName: “windows Disk Manager”
- HKLM\System\CurrentControlSet\Services\MSmanage\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\MSmanage\Description: “?AAI?UAi???UAi