Solved! Use T8RES.DLL (Trojan Artemis) Removal Guide


T8RES.DLL – Trojan Artemis removal

File | MD5 | Virus Alias
T8RES.DLL | 21a1cc32e2ecbb04b6e0088b33290f65 | Trojan Artemis
T8RES.DLL | 21a1cc32e2ecbb04b6e0088b33290f65 | Adware MyWebSearch
T8RES.DLL | 21a1cc32e2ecbb04b6e0088b33290f65 | Trojan SuspiciousFile

T8RES.DLL size: 197000 bytes
T8RES.DLL hash: 21A1CC32E2ECBB04B6E0088B33290F65

Created files:


Autostart registry keys:

HKLM\System\CurrentControlSet\Services\CouponXplorer_5zService\Type: 10000000
HKLM\System\CurrentControlSet\Services\CouponXplorer_5zService\Start: 02000000
HKLM\System\CurrentControlSet\Services\CouponXplorer_5zService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\CouponXplorer_5zService\DisplayName: CouponXplorerService
HKLM\System\CurrentControlSet\Services\CouponXplorer_5zService\ImagePath: %Program Files%\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe

Detected by UnHackMe:

T8RES.DLL
Default location: %PROGRAM FILES%\COUPONXPLORER_5Z\BAR\1.BIN\T8RES.DLL

Dropper information:
MD5: 2c836022215a52a8e3b39653bfc9aca0
File size: 6072712 bytes
