The file SNUPDATER.EXE is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete SNUPDATER.EXE we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of SNUPDATER.EXE
Full path on a computer: %Program Files%\K14R\snupdater.exe
Detected by UnHackMe:
Item Name: ReputationAlertUpdaterService
Author:
Related File: %Program Files%\K14R\WindowsService.exe
Type: Auto Services
Item Name: WindowsService.exe
Author:
Related File: %PROGRAM FILES%\K14R\WINDOWSSERVICE.EXE
Type: Running Processes
Item Name: SNUPDATER.EXE
Author:
Related File: %PROGRAM FILES%\K14R\SNUPDATER.EXE
Type: Multi AV Detected Files
Item Name: WINDOWSSERVICE.EXE
Author:
Related File: %PROGRAM FILES%\K14R\WINDOWSSERVICE.EXE
Type: Multi AV Detected Files
Removal Results: Success
Number of reboot: 1
SNUPDATER.EXE is known as:
Trojan.Keywsec, Trojan.Clicker.M, Trojan-Clicker.MSIL.Agent.dp, Trojan.CL.Agent.b5OCuAXy.Ag, Trojan.Agent.Gen-Faker[desc], TR.Keywsec.C.6, Trojan:MSIL.Keywsec.C, Trojan.Agent, W32.Trojan.UARD-2982, TrojanClicker.MSIL.Agent, a variant of MSIL.TrojanClicker.Agent.NBG, Trojan-Clicker.BDHP, W32.Agent.DP.tr, Clicker.BDHP
SNUPDATER.EXE hash:
- MD5: 1c9c30ef5c2baa04e006252271b7d3c5
Registry:- HKLM\System\CurrentControlSet\Services\Eventlog\Application\AutoBackupLogFiles: 0×00000000
- HKLM\System\CurrentControlSet\Services\Eventlog\Application\ReputationAlertUpdaterService\EventMessageFile: “%WinDir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll”
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ErrorControl: 0×00000001
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ImagePath: “%Program Files%\K14R\WindowsService.exe”
- HKLM\System\CurrentControlSet\Services\ReputationAlertUpdaterService\ObjectName: “LocalSystem”
Folders:- %Program Files%\K14R
Files:- %Program Files%\K14R\snupdater.exe
- %Program Files%\K14R\uvname.conf
- %Program Files%\K14R\WindowsService.exe