P1kAlMiG2Kb7Fz.exe
P1kAlMiG2Kb7Fz.exe is a virus file associated with malware threats. P1kAlMiG2Kb7Fz.exe is a part of the rogue anti-spyware applications named System Repair and System Recovery. Once your computer system is infected with P1kAlMiG2Kb7Fz.exe, your PC keeps loading a critical error. P1kAlMiG2Kb7Fz.exe makes all your desktop icons and documents to disappear. P1kAlMiG2Kb7Fz.exe can hide and change your files, remove all programs from Start Menu. It is strongly recommended to remove P1kAlMiG2Kb7Fz.exe immediately upon detection.
File System Details
P1kAlMiG2Kb7Fz.exe may create the following file(s):
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %LocalAppData%\.exe | |
2. | %Temp%\.dll | |
3. |
C:\Users\ |
|
4. | C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{92FCA38A-53CE-85FC-855A-93CEE77A02A6}-P1kAlMiG2Kb7Fz.exe detected: Trojan.Win32.FakeSysdef!IK | |
5. | %StartMenu%\Programs\ | |
6. | C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{43237D74-5335-2BEF-6FC1-7976901FB060}-P1kAlMiG2Kb7Fz.exe detected: Trojan.Win32.FakeSysdef!IK | |
7. | %UserProfile%\Desktop\.lnk | |
8. |
C:\Users\ |
Registry Details
P1kAlMiG2Kb7Fz.exe may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[RANDOM CHARACTERS].exe"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.