SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE – Trojan SuspiciousFile


SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE – Trojan SuspiciousFile removal

| File | MD5 | Virus Alias |
|---|---|---|
| SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE | 9c9f1f7d0f7e939a74c0dbc62fdb2eec | Trojan SuspiciousFile |
| SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE | 9c9f1f7d0f7e939a74c0dbc62fdb2eec | Trojan Chifrax |

SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE size: 4656533 bytes
SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE hash: 9C9F1F7D0F7E939A74C0DBC62FDB2EEC

Created files:

%Program Files%\Yqaxu\Icicy.exe
%Program Files%\Yqaxu\Ioicw.exe
%Program Files%\Yqaxu\Iuxn\Ioik.dll
%TEMP%\g8C7\SafelyRemove.USB.Safely.Remove.v4.1.4.794.BETA.Win2kXPVista.Cracked-CRD.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\OALX\Start: 02000000
HKLM\System\CurrentControlSet\Services\OALX\Type: 10000000
HKLM\System\CurrentControlSet\Services\OALX\Description: Data Online Transaction Processing Module
HKLM\System\CurrentControlSet\Services\OALX\DisplayName: Data Online Transaction Processing Module
HKLM\System\CurrentControlSet\Services\OALX\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\OALX\Group: TDI
HKLM\System\CurrentControlSet\Services\OALX\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\OALX\ImagePath: %Program Files%\Yqaxu\Ioicw.exe

Detected by UnHackMe:

SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE
Default location: %TEMP%\G8C7\SAFELYREMOVE.USB.SAFELY.REMOVE.V4.1.4.794.BETA.WIN2KXPVISTA.CRACKED-CRD.EXE

Dropper information:
MD5: da59ceca34de9de680aac4317947b4c2
File size: 6601350 bytes
