
Tool:Win32/Hideproc.C

Posted: April 18, 2011

Threat Metric

Ranking: 19,141
Threat Level: 8/10
Infected PCs: 10,617
First Seen: April 18, 2011
Last Seen: February 3, 2025
OS(es) Affected: Windows

Tool:Win32/Hideproc.C is a new version of an old Trojan that's installed as one part of a larger infection for the purpose of concealing memory processes and other malicious components. Most Trojans like Tool:Win32/Hideproc.C will run without your permission as concealed memory processes and can be observed only indirectly through the side effects of their attacks. Since Tool:Win32/Hideproc.C may be part of a larger and even more malicious threat, you should immediately take action to delete Tool:Win32/Hideproc.C from your computer before serious damage occurs.

The Many Tools of Tool:Win32/Hideproc.C's Malignant Trade

Tool:Win32/Hideproc.C is just a 2010 version of the Hideproc Trojan that was first noted in 2007. Since that time, different versions of Hideproc have appeared, including Tool:Win32/Hideproc.C as well as Trojan:Win32/Hideproc.F and Trojan:Win32/Startpage.RM.

Even if your security software can detect one of these threats, your PC may still be vulnerable to attacks by newer versions like Tool:Win32/Hideproc.C. Keeping your anti-malware programs completely updated is a vital step in protecting your PC from Tool:Win32/Hideproc.C. You can avoid initial infections by keeping your browser up to date, disabling scripts from untrustworthy sources and avoiding suspicious files.

Some versions of Hideproc are installed as specific pieces of a larger infection for the purpose of hiding this infection. Tool:Win32/Hideproc.C may conceal not only its own memory processes but also the memory processes of other malicious programs. Combined with the standard Trojan tactic of running automatically when Windows loads, this lets Tool:Win32/Hideproc.C and its cohorts hide in plain sight while still being active at all times.

You can detect hidden memory processes by noting unusual system resource usage or by observing the other side effects of the attacks caused by Tool:Win32/Hideproc.C and similar Trojans.

The Rest of What Tool:Win32/Hideproc.C Has in Store for Your Computer

Tool:Win32/Hideproc.C or threats related to Tool:Win32/Hideproc.C may also cause other problems:

  • Tool:Win32/Hideproc.C may hijack your web browser. Hijacks can play advertisements, create fake errors that make it appear as though a benevolent website isn't safe, change your homepage or redirect you to dangerous websites.
  • Tool:Win32/Hideproc.C may install a Remote Administration Tool or serve as a RAT by itself. RATs let remote criminals control your computer and are often the culprits behind Distributed-Denial-of-Service attacks and other illegal activities.
  • Tool:Win32/Hideproc.C may use keylogger functions or other spyware-related capabilities to record passwords and other information in a log that is later sent to a remote criminal.
  • Tool:Win32/Hideproc.C may block applications and even make it look like those applications are infected when they're completely fine.
  • Tool:Win32/Hideproc.C may create Trojans that imitate Windows errors to try to fool you into performing self-destructive actions. These Trojans can even imitate specific Windows functions like the Security Essentials Alert.

File System Modifications

  • The following files were created in the system:

Aliases

  • HackTool/Win32.ProcPatcher [AhnLab-V3]
  • Unwanted-Program ( 0049ebb41 ) [K7AntiVirus]
  • PUA.HideExec.A6 [CAT-QuickHeal]
  • Downloader.Generic12.DYX [AVG]
  • Win32:MalOb-DT [GData]
  • Trojan.Hiloti.11 [DrWeb]
  • Trojan-Downloader.Win32.Mufanom.bpnj [Kaspersky]
  • Win32:MalOb-DT [Cryp] [Avast]
  • a variant of Win32/Kryptik.SQO [NOD32]
  • Artemis!C47B90E73B22 [McAfee]
  • Trojan.KGBKeylog [ClamAV]
  • Win32.TrjThed.B [eSafe]
  • Artemis!FBB8C284F690 [McAfee]
  • W32/Agent.QVZ!tr [Fortinet]
  • Troj/Agent-QVZ [Sophos]

Technical Details

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
