SETUP1.EXE – Trojan SuspiciousFile removal
File | MD5 | Virus Alias |
---|---|---|
SETUP1.EXE | 020fe8d5a3dfe5bdf974ed735bad0a81 | Trojan SuspiciousFile |
SETUP1.EXE size: 71168 bytes
SETUP1.EXE hash: 020FE8D5A3DFE5BDF974ED735BAD0A81
Created files:
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\EventLog\Application\VBRuntime\EventMessageFile: %WinDir%\System32\MSVBVM50.dll
HKLM\System\CurrentControlSet\Services\EventLog\Application\VBRuntime\TypesSupported: 04000000
Detected by UnHackMe:
SETUP1.EXE
Default location: %WinDir%\SETUP1.EXE
Dropper information:
MD5: 0e747c169c6f4b1e5444a3449e48e927
File size: 3726848 bytes