Logo_Malware
Daugava is a program that usually installs without your knowledge via free software downloads.
Identified the 07/22/2015.

Features:

– It belongs to a family of PUP (Potentially Unwanted Program).
– Vendor : PUP.Optional

Main actions :

– It installs as a process launched at startup of the system (RP),
– It settled in the Base of registers to be launched each time the system (O4),
– It installs as a service to be launched each time the system (O23),(SS/SR),
– It installs as a program (O42),
– It creates to many registry keys ‘Software’,
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45),

ZHPDiag report:

[MD5.C2E9732B2FE428D587015A6D2A63DA2B] – (…) — C:\Program Files\daugava\Upbgbeie.exe[MD5.F015F4DF5668DAF877AFE9B2C9E51051] – (…) — C:\Program Files\daugava\csrcc.exe[MD5.7766FAA51040AA5923496DDE8F59F8B4] – (…) — C:\Program Files\daugava\Weekfqwb.exe[MD5.453E7F9A59F4E6CDF1B3EC4B996C63A7] – (…) — C:\Program Files\daugava\Ejemidvlf.exe[MD5.41631A3A5F8E1D5ADC1F9AAEC0CC2D84] – (…) — C:\Program Files\daugava\Ejemidvlf64.exe
O4 – HKLM\..\Run: [daugava] . (…) — C:\Program Files\daugava\Ejemidvlf.exe
O4 – HKLM\..\Run: [daugava64] . (…) — C:\Program Files\daugava\Ejemidvlf64.exe
O23 – Service: 65f825de-0adc-4791-a1e5-209aa6f7ea76 (65f825de-0adc-4791-a1e5-209aa6f7ea76) . (…) – C:\Program Files\daugava\Upbgbeie.exe
O23 – Service: csrcc (csrcc) . (…) – C:\Program Files\daugava\csrcc.exe
O23 – Service: daugava Updater (daugava Updater) . (…) – C:\Program Files\daugava\Weekfqwb.exe[MD5.A073114547502BC77368AB09A165F795] [APT] [Cawlez] (…) — C:\Program Files\daugava\Irosioe.bat
O42 – Logiciel: daugava 2.0.0.701 – (.daugava.) [HKLM][64Bits] — {f179b4aa-3249-4e0e-a45a-8519d6bcd424}_is1
SR – Auto [2015/07/22 17:55:04] [ 284320] 65f825de-0adc-4791-a1e5-209aa6f7ea76 (65f825de-0adc-4791-a1e5-209aa6f7ea76) . (…) – C:\Program Files\daugava\Upbgbeie.exe
SR – Auto [2015/07/22 17:55:02] [ 1447584] csrcc (csrcc) . (…) – C:\Program Files\daugava\csrcc.exe
SR – Auto [2015/07/22 17:55:04] [ 173216] daugava Updater (daugava Updater) . (…) – C:\Program Files\daugava\Weekfqwb.exe

Alias:

Adware.Shopper

Remove:

– Remove software via Windows Configuration Panel,
Remove with ZHPcleaner
ZHPCleaner_EN2
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:23+00:00 Categories: PUP|Tags: |Comments Off on PUP.Optional.Daugava