Amonetize is a program that is usually installed without your knowledge, bundled with free software downloads. Identified on 07/28/2015.

Features:

– It belongs to the PUP (Potentially Unwanted Program) family.
– Classification: PUP.Optional

Main actions:

– It runs as a process launched at system startup (RP),
– It installs as a service launched each time the system starts (O23), (SS/SR),
– It creates numerous registry keys under 'Software',
– It creates additional folders (O43),
– It leaves traces in the Windows Prefetch folder (O45),
– It installs a system driver (O58),
– It creates a LEGACY_* key in the registry that points to the malicious service (O64).

ZHPDiag report:

[MD5.465B385BFD8ED8176FBB9B10AEC6EC8F] – (…) — C:\WINDOWS\system32\nethtsrv.exe [179200] [PID.2140]
[MD5.C43AE4D767FA6A65FC6799DA104DDD8A] – (…) — C:\WINDOWS\system32\netupdsrv.exe [159744] [PID.2284]
[MD5.5A2AB2E1A00EC16A843AD7D02FAA4EC0] – (.Copyright © 2015 – .) — C:\Program Files\Concom\Concom.exe [379904] [PID.3580]
[MD5.22307CFDB53EB60377DA089CE7B19280] – (.Copyright © 2015 – .) — C:\Program Files\NixSrv\NixSrv.exe [379904] [PID.1696]
[MD5.9FFDBDCD2E7F2FA6B15777A5B72EE960] – (.Copyright © 2015 – .) — C:\Program Files\NixSrv\packages\b95f3ef7-d1ee-4f6c-abf8-f8082cd08549\NixHost.exe [855040] [PID.2564]
O23 – Service: NixSrv Service (NixSrv) . (.Copyright © 2015 – .) – C:\Program Files\NixSrv\NixSrv.exe
O23 – Service: Network HTTP Support Service (NetHttpService) . (…) – C:\WINDOWS\system32\nethtsrv.exe
O23 – Service: Network Support Service Updater (ServiceUpdater) . (…) – C:\WINDOWS\system32\netupdsrv.exe
O41 – Driver: (nethfdrv) . (.No owner – nethfdrv.sys.) – C:\WINDOWS\system32\drivers\nethfdrv.sys
O41 – Driver: (nethfdrv) . (.nethfdrv – nethfdrv.) – C:\Windows\system32\drivers\nethfdrv.sys
O43 – CFD: 2015/10/05 06:57:10 – [] D — C:\Program Files\Concom
O43 – CFD: 2015/08/30 15:41:23 – [] D — C:\Program Files\NixSrv
O58 – SDL:09/07/2014 – 08:28:46 —A- . (.No owner – nethfdrv.sys.) — C:\WINDOWS\system32\Drivers\nethfdrv.sys [49152]
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\drivers\nethfdrv.sys (nethfdrv) .(.No owner – nethfdrv.sys.) – LEGACY_NETHFDRV
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\nethtsrv.exe (NetHttpService) .(…) – LEGACY_NETHTTPSERVICE
O64 – Services: CurCS – 09/07/2014 – C:\WINDOWS\system32\netupdsrv.exe (ServiceUpdater) .(…) – LEGACY_SERVICEUPDATER
SR – Auto [2015/08/27 10:48:16] [ 379904] NixSrv Service (NixSrv) . (.Copyright © 2015.) – C:\Program Files\NixSrv\NixSrv.exe
SR – | Auto 09/07/2014 179200 | (NetHttpService) . (…) – C:\WINDOWS\system32\nethtsrv.exe
SR – | Auto 09/07/2014 159744 | (ServiceUpdater) . (…) – C:\WINDOWS\system32\netupdsrv.exe
SR – Auto [2015/09/24 09:29:56] [ 379904] Concom Service (Concom) . (.Copyright © 2015.) – C:\Program Files\Concom\Concom.exe

Registry keys:

[HKLM\SYSTEM\CurrentControlSet\Services\NetHttpService]
[HKLM\SYSTEM\CurrentControlSet\Services\ServiceUpdater]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETHFDRV]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETHTTPSERVICE]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SERVICEUPDATER]

Files:

C:\WINDOWS\system32\nethtsrv.exe
C:\WINDOWS\system32\netupdsrv.exe
C:\WINDOWS\system32\Drivers\nethfdrv.sys
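The report above is a list of indicators, so the natural follow-up is a host check that looks for each class of artifact it names: the files (with their MD5), the service and driver entries (SR, O23, O41), the LEGACY_* keys (O64) and the Prefetch traces (O45). The script below is an added example, not part of the original report and not a ZHPDiag or ZHPCleaner component; the hashes, paths, service names and Prefetch name patterns are taken from the sample above, and it assumes other Amonetize builds will carry different hashes, so it treats a hash mismatch as "verify manually" rather than "clean". It only reports and never deletes.

```powershell
# Added example: look for the Amonetize artifacts listed in the ZHPDiag report.
# Run from an elevated PowerShell prompt. Reports only; nothing is removed.
# Assumption: MD5 values are those of the sample above; other builds will differ,
# so the path, service-name and LEGACY key checks carry more weight than the hash.

$KnownMd5 = @{
    'C:\WINDOWS\system32\nethtsrv.exe'   = '465B385BFD8ED8176FBB9B10AEC6EC8F'
    'C:\WINDOWS\system32\netupdsrv.exe'  = 'C43AE4D767FA6A65FC6799DA104DDD8A'
    'C:\Program Files\Concom\Concom.exe' = '5A2AB2E1A00EC16A843AD7D02FAA4EC0'
    'C:\Program Files\NixSrv\NixSrv.exe' = '22307CFDB53EB60377DA089CE7B19280'
}
$Files = @(
    'C:\WINDOWS\system32\nethtsrv.exe',
    'C:\WINDOWS\system32\netupdsrv.exe',
    'C:\WINDOWS\system32\drivers\nethfdrv.sys',
    'C:\Program Files\Concom\Concom.exe',
    'C:\Program Files\NixSrv\NixSrv.exe'
)
$Services   = @('NetHttpService', 'ServiceUpdater', 'NixSrv', 'Concom', 'nethfdrv')
$LegacyKeys = @('LEGACY_NETHFDRV', 'LEGACY_NETHTTPSERVICE', 'LEGACY_SERVICEUPDATER')
$Findings   = New-Object System.Collections.Generic.List[string]

# 1. Files on disk, hashed and compared with the sample where a hash is known.
#    PowerShell hashtables are case-insensitive, so system32/System32 both match.
foreach ($f in $Files) {
    if (Test-Path -LiteralPath $f) {
        $md5  = (Get-FileHash -LiteralPath $f -Algorithm MD5).Hash
        $note = if ($KnownMd5[$f] -and $KnownMd5[$f] -eq $md5) { 'matches sample hash' }
                else { 'hash differs or unknown: different build, verify manually' }
        $Findings.Add("FILE     $f  MD5=$md5  ($note)")
    }
}

# 2. Service and driver entries (SR / O23 / O41). The registry is read directly so a
#    stopped service or an unloaded driver is still caught; ImagePath shows the target.
#    Get-Service does not list kernel drivers, hence the SilentlyContinue for nethfdrv.
foreach ($s in $Services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
    if (Test-Path -Path $key) {
        $p     = Get-ItemProperty -Path $key
        $state = (Get-Service -Name $s -ErrorAction SilentlyContinue).Status
        $Findings.Add("SERVICE  $s  Start=$($p.Start) Type=$($p.Type) ImagePath=$($p.ImagePath) Status=$state")
    }
}

# 3. LEGACY_* keys (O64), written under Enum\Root when the service or driver first loaded.
foreach ($k in $LegacyKeys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\$k"
    if (Test-Path -Path $key) { $Findings.Add("LEGACY   $key") }
}

# 4. Prefetch traces (O45): proof of execution that survives deletion of the binaries.
#    Prefetch file names start with the executable name in upper case, e.g. NETHTSRV.EXE-....pf
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter '*.pf' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^(NETHTSRV|NETUPDSRV|CONCOM|NIXSRV|NIXHOST)\.EXE' } |
    ForEach-Object { $Findings.Add("PREFETCH $($_.FullName)  LastWrite=$($_.LastWriteTime)") }

if ($Findings.Count -eq 0) { 'No Amonetize artifacts from this report found.' } else { $Findings }
```

Two practical caveats when acting on the output. The nethfdrv driver must be stopped (sc stop nethfdrv, or a reboot after setting its Start value to 4) before nethfdrv.sys can be deleted, and a loaded driver will happily recreate its LEGACY key. The LEGACY_* keys under Enum\Root carry an ACL that blocks deletion even for administrators, which is why removal tools take ownership of the key or run as SYSTEM; an access-denied error there is expected, not a sign that the check is wrong.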

Alias:

– PUP.Optional.Amonetize.A [Malwarebytes Anti-Malware]
– TR/Dldr.Agent.bvxcd [Avira AntiVir]
– Win32:Downloader-VLS [Trj] [avast!]
– Win32/Amonetize.AZ [ESET NOD32]
– Adware.Win32.Amonetize [Baidu Antivirus]
– Adware.Downware.1400 [Dr.Web]
– a variant of Win32/Amonetize.I [ESET]
– Amonetize (fs) [VIPRE]

Remove:

– Remove the software from the Windows Control Panel,
– Remove with ZHPCleaner,
– Diagnose with ZHPDiag.

2016-12-30T07:34:23+00:00 | Categories: PUP