I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
We received the file HMOST5NR87RJH2.EXE and detected that HMOST5NR87RJH2.EXE is not good.
HMOST5NR87RJH2.EXE is Adware. You should remove the file HMOST5NR87RJH2.EXE.
Kill the process HMOST5NR87RJH2.EXE and remove HMOST5NR87RJH2.EXE from Windows.
Malware Analysis of BestAdBlocker
Full path on a computer: %Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe
Detected by UnHackMe:
HMOST5NR87RJH2.EXE
Default location: %Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe
Removal Results: Success
Number of reboot: 1
HMOST5NR87RJH2.EXE is known as:
Adware.PUP.Multiplug.FUX
HMOST5NR87RJH2.EXE hash:
- MD5: be6ff3fbc493563530499b60a0067445
The file tries to download information from some web sites.
How to quickly detect HMOST5NR87RJH2.EXE presence?
Registry:
- HKLM\Software\Classes\CLSID\{BFBF6EE3-D8E9-427A-82AF-867967C3E80E}\InprocServer32\: “%Program Files%\bestadblocker\hmOSt5Nr87RjH2.dll”
- HKLM\Software\Classes\CLSID\{F45D021B-B3A7-419F-9C0C-1375446A4190}\InprocServer32\: “%Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: “PriceMinus”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: “”%Program Files%\PriceMinus\KmFsCwgDUPnTxZ.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ac0423ae}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ac0423ae}\DisplayName: “SegmentSegment”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “bestadblocker”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\DisplayName: “IP Address and Domain Information”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\UninstallString: “”%Program Files%\IP Address and Domain Information\IP Address and Domain Information.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\System\CurrentControlSet\Services\ac0423ae\ImagePath: “”%SysDir%\rundll32.exe” “c:\Program Files\SystemPlus\SystemPlus.dll”,serv”
- HKLM\System\CurrentControlSet\Services\ac0423ae\DisplayName: “SystemPlus”
Folders:
- %Program Files%\bestadblocker
- %Program Files%\IP Address and Domain Information
- %Program Files%\PriceMinus
- %Program Files%\PriceMMinuos
- %Program Files%\SystemPlus
Files:
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.dat
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.dll
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.tlb
- %Program Files%\IP Address and Domain Information\IP Address and Domain Information.dat
- %Program Files%\IP Address and Domain Information\IP Address and Domain Information.exe
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dat
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dll
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.exe
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.tlb
- %Program Files%\PriceMMinuos\PriceMMinuos.dat
- %Program Files%\PriceMMinuos\PriceMMinuos.exe
- %Program Files%\SystemPlus\SystemPlus.dll
- %WinDir%\Tasks\Bidaily Synchronize Task[pr].job