I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
GETCODE.DLL – Trojan OnLineGames removal
File | MD5 | Virus Alias |
---|---|---|
GETCODE.DLL | 6f69c5c3ebbedb5610a9662886adffef | Trojan OnLineGames |
GETCODE.DLL | 6f69c5c3ebbedb5610a9662886adffef | Trojan SuspiciousFile |
GETCODE.DLL | 6f69c5c3ebbedb5610a9662886adffef | Trojan Agent |
GETCODE.DLL size: 970752 bytes
GETCODE.DLL hash: 6F69C5C3EBBEDB5610A9662886ADFFEF
Created files:
%SysDir%\mswinsck.ocx
%TEMP%\IXP000.TMP\convpic.dll
%TEMP%\IXP000.TMP\getcode.dll
%TEMP%\IXP000.TMP\mswinsck.ocx
%TEMP%\IXP000.TMP\??????.exe
Autostart registry keys:
HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : %WinDir%\System32\MSWINSCK.OCX
HKLM\Software\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : %WinDir%\System32\MSWINSCK.OCX
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} : Microsoft Windows Script 5.8
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Version: 5,8,6001,18702
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\ComponentID: MSVBScript
Detected by UnHackMe:
GETCODE.DLL
Default location: %TEMP%\IXP000.TMP\GETCODE.DLL
Dropper information:
MD5: e3e13e8e337799918554102b7185393b
File size: 576000 bytes