I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
We received the file PRICEMMINUOS.EXE and detected that PRICEMMINUOS.EXE is not good.
PRICEMMINUOS.EXE is Adware. You should remove the file PRICEMMINUOS.EXE.
Kill the process PRICEMMINUOS.EXE and remove PRICEMMINUOS.EXE from Windows.
Malware Analysis of PriceMinus
Full path on a computer: %Program Files%\PriceMMinuos\PriceMMinuos.exe
Detected by UnHackMe:
PRICEMMINUOS.EXE
Default location: %Program Files%\PriceMMinuos\PriceMMinuos.exe
Removal Results: Success
Number of reboot: 1
PRICEMMINUOS.EXE is known as:
Adware.PUP.Multiplug.FUX
PRICEMMINUOS.EXE hash:
- MD5: 5254a99e574fbc25e990b43c986c4814
The file tries to connect to the dangerous web site.
How to quickly detect PRICEMMINUOS.EXE presence?
Registry:
Registry:- HKLM\Software\Classes\CLSID\{BFBF6EE3-D8E9-427A-82AF-867967C3E80E}\InprocServer32\: “%Program Files%\bestadblocker\hmOSt5Nr87RjH2.dll”
- HKLM\Software\Classes\CLSID\{F45D021B-B3A7-419F-9C0C-1375446A4190}\InprocServer32\: “%Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\DisplayName: “PriceMinus”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}\UninstallString: “”%Program Files%\PriceMinus\KmFsCwgDUPnTxZ.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ac0423ae}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ac0423ae}\DisplayName: “SegmentSegment”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “bestadblocker”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\DisplayName: “IP Address and Domain Information”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\UninstallString: “”%Program Files%\IP Address and Domain Information\IP Address and Domain Information.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “””
- HKLM\System\CurrentControlSet\Services\ac0423ae\ImagePath: “”%SysDir%\rundll32.exe” “c:\Program Files\SystemPlus\SystemPlus.dll”,serv”
- HKLM\System\CurrentControlSet\Services\ac0423ae\DisplayName: “SystemPlus”
Folders:
- %Program Files%\bestadblocker
- %Program Files%\IP Address and Domain Information
- %Program Files%\PriceMinus
- %Program Files%\PriceMMinuos
- %Program Files%\SystemPlus
Files:
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.dat
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.dll
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.exe
- %Program Files%\bestadblocker\hmOSt5Nr87RjH2.tlb
- %Program Files%\IP Address and Domain Information\IP Address and Domain Information.dat
- %Program Files%\IP Address and Domain Information\IP Address and Domain Information.exe
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dat
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.dll
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.exe
- %Program Files%\PriceMinus\KmFsCwgDUPnTxZ.tlb
- %Program Files%\PriceMMinuos\PriceMMinuos.dat
- %Program Files%\PriceMMinuos\PriceMMinuos.exe
- %Program Files%\SystemPlus\SystemPlus.dll
- %WinDir%\Tasks\Bidaily Synchronize Task[pr].job
Logging you in...
Loading IntenseDebate Comments...