DESKUN.EXE – Trojan Click removal

DESKUN.EXE size: 45056 bytes
DESKUN.EXE hash: 06A5A8411193814C776B97394AF0579B

Created files:

%Program Files%\DeskAdTop\deskipn.dll
%Program Files%\DeskAdTop\DeskUn.exe
%Program Files%\DeskAdTop\fshook.dll
%Program Files%\DeskAdTop\Mrup.exe
%Program Files%\DeskAdTop\Run.dll
%Program Files%\DeskAdTop\_uninstall
%SysDir%\cnwin.dll
%TEMP%\204.exe
%TEMP%\ad1760.exe
%TEMP%\bind_50103.exe
%TEMP%\dodolook057.exe
%TEMP%\MIS_724_0.EXE
%TEMP%\mms_724.exe
%TEMP%\setup168.exe
%TEMP%\tdsetup.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{08A312BB-5409-49FC-9347-54BB7D069AC6}\InprocServer32 : %Program Files%\DeskAdTop\deskipn.dll
HKLM\Software\Classes\CLSID\{EC497BD8-460F-44F0-B2A4-8C2B2198035B}\InprocServer32 : %WinDir%\System32\cnwin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\tdsetup.exe: %TEMP%\tdsetup.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\bind_50103.exe: %TEMP%\bind_50103.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\dodolook057.exe: %TEMP%\dodolook057.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\mms_724.exe: %TEMP%\mms_724.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\setup168.exe: %TEMP%\setup168.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Desktop: %WinDir%\System32\rundll32.exe “%Program Files%\DeskAdTop\Run.dll” ,Rundll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\ad1760.exe: %TEMP%\ad1760.exe

Detected by UnHackMe:

DESKUN.EXE
Default location: %PROGRAM FILES%\DESKADTOP\DESKUN.EXE

Dropper information:
MD5: 1ce02e2452976b3d9cece806fe6736ec
File size: 995928 bytes