Sus.Behav
Sus.Behav exhibits characteristics that are often associated with malware. Officially categorized as a file, Sus.Behav displays suspicious behavior and should definitely not be trusted. Some of the symptoms of being infected by Sus.Behav are corrupt files reopening after being deleted, missing registry files, annoying pop-up ads, changes in Internet settings, unwanted web browser components, and decreased system speeds.
File System Modifications
- The following files were created in the system:
# File Name 1 __c00135A8.dat 2 alt.exe.exe 3 av2009.exe 4 CarbonitePreinstaller.exe 5 CarboniteSetupLitePBPreInstaller.exe 6 cbXPiFwT.dll 7 ccleaner.exe 8 DWRCS.EXE 9 EntriqMediaServer.exe 10 ERCUtil.dll 11 FGSHEL~1.DLL 12 fpfstb.dll 13 opnonkhe.dll 14 rqRiiHXQ.dll 15 SpySweeperUI.exe 16 tbaction.exe 17 tuvVLcay.dll 18 xfire.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 29247207685934936530823877733220HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ccleanerHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\ AppInit_DLLsHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__c00135A8HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnonkheHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvVLcayHKEY..\..\..\..{RegistryKeys}RUNNING PROGRAM\DWRCS.EXERUNNING PROGRAM\EXPLORER.EXERUNNING PROGRAM\EntriqMediaServer.exeRUNNING PROGRAM\winlogon.exeRUNNING PROGRAM\xfire.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CarboniteSetupLiteHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ PromoRegHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SpySweeperHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TBAction
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.