UDS:DangerousObject.Multi.Generic

UDS:DangerousObject.Multi.Generic Description

UDS:DangerousObject.Multi.Generic is a malware threat that is often found in several locations at once on an infected PC. The location most often reported for UDS:DangerousObject.Multi.Generic is Documents and Settings, commonly as part of the C drive. Many security applications have difficulty finding UDS:DangerousObject.Multi.Generic and uninstalling it from the affected computer. When UDS:DangerousObject.Multi.Generic is detected, the only options available are adding it to exclusions, ignoring it, browsing to the location containing it, or producing a threat description. PC users are either taken to an empty folder or cannot access the object.

Aliases: JS.Downloader.BSO [Ikarus], VBS/Dldr.Rowm.A, VBS.Siggen.7444 [DrWeb], UnclassifiedMalware [Comodo], Script.Trojan.Suspic.Pdcl, Trojan.Script.Siggen.degalj, Trojan.Script.Suspic.gen [Kaspersky], Script.Trojan.Agent.FZPT9I [GData], Win.Worm.Agent-4608 [ClamAV], JS:Downloader-BSP [Trj] [Avast], VBS/Agent.NCO, VBS.Downloader.Trojan [Symantec], Trojan.MSIL.Agent.QOJ, MSIL/Agent.QOJ!tr [Fortinet] and Trojan/Win32.Agent [AhnLab-V3].


Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

Technical Information

File System Details

UDS:DangerousObject.Multi.Generic creates the following file(s):

Registry Details

UDS:DangerousObject.Multi.Generic creates the following registry entry or registry entries:
