Solved! Use DISTNOTED.EXE (Unknown) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

DISTNOTED.EXE – Unknown removal

DISTNOTED.EXE size: 13672 bytes
DISTNOTED.EXE hash: 7539D96A5AE8A59DAB8C024A7F820514

Created files:

C:\killok\KillOK.exe
%Program Files%\Apple Software Update\ijrazyiya.iby
%Program Files Common%\Apple\Apple Application Support\brrararqq.jyz
%Program Files Common%\Apple\Apple Application Support\bzbyqqjby.jzb
%Program Files Common%\Apple\Apple Application Support\defaults.exe
%Program Files Common%\Apple\Apple Application Support\distnoted.exe
%Program Files Common%\Apple\Apple Application Support\qyajqiaqj.jrr
%Program Files Common%\Microsoft Shared\MSInfo\yjayayara.bri
%Program Files%\Mozilla Firefox\bzbyqqjby.jzbararqq.jyzayayara.bri
%Program Files%\Mozilla Firefox\qyajqiaqj.jrr
%Program Files%\Mozilla Firefox\rrziiirrq.yra
%Program Files%\Mozilla Firefox\uninstall\helper.exe
%Program Files%\Mozilla Firefox\zqyjaaari.zar
%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
%Program Files%\MSN\MSNCoreFiles\Install\msnsusii.exe
%Program Files%\MSN Gaming Zone\Windows\ijrazyiya.ibyb
%Program Files%\MSN Gaming Zone\Windows\qyajqiaqj.jrrb
%Program Files%\MSN Gaming Zone\Windows\rrziiirrq.yra
%Program Files%\MSN Gaming Zone\Windows\zqyjaaari.zarb
%Program Files%\NetMeeting\brrararqq.jyzrrziiirrq.yra
%Program Files%\NetMeeting\bzbyqqjby.jzbrrziiirrq.yra
%Program Files%\NetMeeting\yjayayara.brirrziiirrq.yra
%Program Files%\Opera\azzzariby.qaba.brirrziiirrq.yra
%Program Files%\Opera\program\netscape.exe
%Program Files%\Outlook Express\brrararqq.jyzirrq.yra
%Program Files%\Outlook Express\bzbyqqjby.jzbirrq.yra
%Program Files%\Outlook Express\qyajqiaqj.jrrirrq.yra
%Program Files%\Outlook Express\setup50.exe
%Program Files%\Outlook Express\zqyjaaari.zarirrq.yra
%Program Files%\Safari\yjayayara.briqqjby.jzbirrq.yra
%Program Files%\Windows Media Player\azzzariby.qabyra
%Program Files%\Windows Media Player\ijrazyiya.iby
%Program Files%\Windows Media Player\qyajqiaqj.jrr
%Program Files%\Windows NT\Accessories\zqyjaaari.zara
%Program Files%\Windows NT\Pinball\brrararqq.jyz.zara
%Program Files%\Windows NT\rrziiirrq.yra
%WinDir%\xwrm.exe
%Common AppData%\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
%Local AppData%\Google\Chrome\Application\17.0.963.56\chrome_frame_helper.exe
%Local AppData%\Google\Chrome\Application\17.0.963.56\chrome_launcher.exe
%Local AppData%\Google\Chrome\Application\17.0.963.56\Installer\qyajqiaqj.jrr
%Local AppData%\Google\Chrome\Application\17.0.963.56\zqyjaaari.zarjqiaqj.jrr
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome_frame_helper.exe
%Local AppData%\Google\Chrome\Application\17.0.963.79\chrome_launcher.exe
%Local AppData%\Google\Chrome\Application\17.0.963.79\Installer\bzbyqqjby.jzb
%Local AppData%\Google\Chrome\Application\17.0.963.79\nacl64.exe
%Local AppData%\Google\Chrome\Application\chrome.exe
%Local AppData%\Google\Update\1.3.29.1\azzzariby.qab
%Local AppData%\Google\Update\1.3.29.1\brrararqq.jyz
%Local AppData%\Google\Update\1.3.29.1\bzbyqqjby.jzb
%Local AppData%\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
%Local AppData%\Google\Update\1.3.29.1\ijrazyiya.iby
%Local AppData%\Google\Update\1.3.29.1\rrziiirrq.yra
%Local AppData%\Google\Update\1.3.29.1\yjayayara.bri
%Local AppData%\Google\Update\1.3.29.1\zqyjaaari.zar
%Local AppData%\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.29.1\ijrazyiya.iby
%Local AppData%\Google\Update\qyajqiaqj.jrr
%Temp%\GUMC1.tmp\brrararqq.jyz
%Temp%\GUMC1.tmp\bzbyqqjby.jzb
%Temp%\GUMC1.tmp\GoogleCrashHandler64.exe
%Temp%\GUMC1.tmp\yjayayara.bri
%Temp%\GUMC1.tmp\zqyjaaari.zar
%Temp%\qjabqr.jby.bri
%Temp%\{DEA4CC8E-1159-466C-95D6-23DCAE20CBCC}\azzzariby.qab
%Temp%\{DEA4CC8E-1159-466C-95D6-23DCAE20CBCC}\GoogleCrashHandler64.exe
%Temp%\{DEA4CC8E-1159-466C-95D6-23DCAE20CBCC}\qyajqiaqj.jrr
%Temp%\{DEA4CC8E-1159-466C-95D6-23DCAE20CBCC}\rrziiirrq.yra
%Temp%\{DEA4CC8E-1159-466C-95D6-23DCAE20CBCC}\zqyjaaari.zar
%Personal%\azzzariby.qab

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x32x: %WinDir%\xwrm.exe

Detected by UnHackMe:

DISTNOTED.EXE
Default location: %PROGRAM FILES COMMON%\APPLE\APPLE APPLICATION SUPPORT\DISTNOTED.EXE

Dropper information:
MD5: d6860a8d5f45201ffc46befbd9521640
File size: 41984 bytes

Leave a Reply