Quantcast
Channel: How to Remove Malware
Viewing all articles
Browse latest Browse all 38585

SNUPDATER.EXE is Trojan Keywsec

$
0
0

The file SNUPDATER.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete SNUPDATER.EXE we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of SNUPDATER.EXE
Full path on a computer: %Program Files%\K14R\snupdater.exe

Detected by UnHackMe:

Item Name: ReputationAlertUpdaterService
Author:
Related File: %Program Files%\K14R\WindowsService.exe
Type: Auto Services

Item Name: WindowsService.exe
Author:
Related File: %PROGRAM FILES%\K14R\WINDOWSSERVICE.EXE
Type: Running Processes

Item Name: SNUPDATER.EXE
Author:
Related File: %PROGRAM FILES%\K14R\SNUPDATER.EXE
Type: Multi AV Detected Files

Item Name: WINDOWSSERVICE.EXE
Author:
Related File: %PROGRAM FILES%\K14R\WINDOWSSERVICE.EXE
Type: Multi AV Detected Files

Removal Results: Success
Number of reboot: 1

SNUPDATER.EXE is known as:

Trojan.Keywsec, Trojan.Clicker.M, Trojan-Clicker.MSIL.Agent.dp, Trojan.CL.Agent.b5OCuAXy.Ag, Trojan.Agent.Gen-Faker[desc], TR.Keywsec.C.6, Trojan:MSIL.Keywsec.C, Trojan.Agent, W32.Trojan.UARD-2982, TrojanClicker.MSIL.Agent, a variant of MSIL.TrojanClicker.Agent.NBG, Trojan-Clicker.BDHP, W32.Agent.DP.tr, Clicker.BDHP

SNUPDATER.EXE hash:

  • MD5: 1c9c30ef5c2baa04e006252271b7d3c5
How to quickly detect SNUPDATER.EXE presence?
Registry:
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\AutoBackupLogFiles: 0×00000000
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\ReputationAlertUpdaterService\EventMessageFile: “%WinDir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll”
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Type: 0×00000010
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Start: 0×00000002
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ErrorControl: 0×00000001
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ImagePath: “%Program Files%\K14R\WindowsService.exe”
  • HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ObjectName: “LocalSystem”
Folders:
  • %Program Files%\K14R
Files:
  • %Program Files%\K14R\snupdater.exe
  • %Program Files%\K14R\uvname.conf
  • %Program Files%\K14R\WindowsService.exe


Viewing all articles
Browse latest Browse all 38585

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>