WINZIPPERDL.EXE – Trojan Artemis removal

WINZIPPERDL.EXE size: 268336 bytes
WINZIPPERDL.EXE hash: 9EB970A174957EE3690640DBB91D2F72

Created files:

%TEMP%\Desk365\Desk_365\accelerate
%TEMP%\Desk365\Desk_365\Desk365.exe
%TEMP%\Desk365\Desk_365\DeskExternal.exe
%TEMP%\Desk365\Desk_365\DeskSvc.exe
%TEMP%\Desk365\Desk_365\ebase.dll
%TEMP%\Desk365\Desk_365\edeskcmn.dll
%TEMP%\Desk365\Desk_365\eDhelper.exe
%TEMP%\Desk365\Desk_365\eDhelper64.exe
%TEMP%\Desk365\Desk_365\edis.dll
%TEMP%\Desk365\Desk_365\edis64.dll
%TEMP%\Desk365\Desk_365\ElexDbg.dll
%TEMP%\Desk365\Desk_365\enotify.dll
%TEMP%\Desk365\Desk_365\eUninstall.exe
%TEMP%\Desk365\Desk_365\firstrun
%TEMP%\Desk365\Desk_365\libpng.dll
%TEMP%\Desk365\Desk_365\libpopdlg.dll
%TEMP%\Desk365\Desk_365\main
%TEMP%\Desk365\Desk_365\mbdet.dll
%TEMP%\Desk365\Desk_365\ouilibnl.dll
%TEMP%\Desk365\Desk_365\replacegc
%TEMP%\Desk365\Desk_365\TrayDownloader.exe
%TEMP%\Desk365\Desk_365\uninstaller\eDesk.inst
%TEMP%\Desk365\Desk_365\uninstaller\gamelogin.inst
%TEMP%\Desk365\Desk_365\WinZipperdl.exe
%TEMP%\Desk365\Desk_365\yacdl.exe
%TEMP%\Desk365\Desk_365\zlib1.dll
%TEMP%\Desk365\eInstall\eInstall.exe
%TEMP%\Desk365\eInstall\Install\4zip.inst
%TEMP%\Desk365\eInstall\Install\AirZip.inst
%TEMP%\Desk365\eInstall\Install\edesk.inst
%TEMP%\Desk365\eInstall\Install\gamelogin.inst
%TEMP%\Desk365\eInstall\main
%TEMP%\Desk365\eInstall\msvcp100.dll
%TEMP%\Desk365\eInstall\msvcr100.dll
%TEMP%\installer.7z

Detected by UnHackMe:

WINZIPPERDL.EXE
Default location: %TEMP%\DESK365\DESK_365\WINZIPPERDL.EXE

Dropper information:
MD5: 7c211246ecf0fc15f0a938f2bbc49083
File size: 4491312 bytes