Solved! Use UPDATER.EXE (Trojan FakeAV) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

UPDATER.EXE – Trojan FakeAV removal

FileMD5Virus Alias
UPDATER.EXE 6ef91ab4765e28986895ab8872db5aca Trojan FakeAV
UPDATER.EXE 6ef91ab4765e28986895ab8872db5aca Trojan Generic
UPDATER.EXE 6ef91ab4765e28986895ab8872db5aca Trojan Downloader

UPDATER.EXE size: 651264 bytes
UPDATER.EXE hash: 6EF91AB4765E28986895AB8872DB5ACA

Created files:

%Program Files%\ErrorSafe Free\EmtERSF.exe
%Program Files%\ErrorSafe Free\ESSPChck.dll
%Program Files%\ErrorSafe Free\FlFxr15.dll
%Program Files%\ErrorSafe Free\FRec.dll
%Program Files%\ErrorSafe Free\FWraper.dll
%Program Files%\ErrorSafe Free\FxCore.dll
%Program Files%\ErrorSafe Free\InstHelp.exe
%Program Files%\ErrorSafe Free\MMFx.dll
%Program Files%\ErrorSafe Free\uers.exe
%Program Files%\ErrorSafe Free\unins000.exe
%Program Files%\ErrorSafe Free\Updater.exe
%SysDir%\atl71.dll
%SysDir%\mfc71.dll
%SysDir%\msvcp71.dll
%SysDir%\msvcr71.dll
%Temp%\ErrorSafeScannerSetup.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Error Safe Free: %Program Files%\ErrorSafe Free\uers.exe /scan

Detected by UnHackMe:

UPDATER.EXE
Default location: %PROGRAM FILES%\ERRORSAFE FREE\UPDATER.EXE

Dropper information:
MD5: 05bd88a1e30b455386568c9654ec00d1
File size: 2229968 bytes

Leave a Reply