I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
Worm AMN
Also known as: Trojan Agent
SHA256: 663c60400c7adeed8ecb508c33abe9faa8133724cdd0493722821836a5a103a3
SHA1: 58d4035e84d9a71da4dc961c340dcf2324ed28f9
MD5: 67dc0cfdf6e54c955f36917fc116da87
File size: 735336 bytes
Created files:
%Program Files%\SelectRebates\SelectRebates.exe – Worm AMN
%Program Files%\SelectRebates\SelectRebatesApi.exe – Worm AMN
%Program Files%\SelectRebates\SelectRebatesDownload.exe – Worm AMN
%Program Files%\SelectRebates\SelectRebatesUninstall.exe – Worm AMN
%Program Files%\SelectRebates\SRebates.dll – Worm AMN
%Program Files%\SelectRebates\SRFF3.dll – Worm AMN
%Program Files%\SelectRebates\Toolbar\ShopAtHomeToolbar.dll – Worm AMN
%Temp%\O42INR6M.exe – Worm AMN
%Temp%\SahToolbar\ShopAtHomeToolbar_.dll – Worm AMN
%Temp%\SelectRebatesApi_.exe – Worm AMN
%Temp%\SelectRebatesUninstall_.exe – Worm AMN
%Temp%\SelectRebatesUpdater.exe – Worm AMN
%Temp%\SelectRebates_.exe – Worm AMN
%Temp%\ShopAtHome_Toolbar_Installer.exe – Worm AMN
%Temp%\SRebates_.dll – Worm AMN
%Temp%\SRFF3_.dll – Worm AMN
Worm AMN created autostart registry keys:
HKLM\Software\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\InprocServer32 : %Program Files%\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
HKLM\Software\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\InprocServer32 : %Program Files%\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SelectRebates: %Program Files%\SelectRebates\SelectRebates.exe