StarzXx Master Cheater
Reputation: 0
Joined: 04 Nov 2006 Posts: 301
|
Posted: Sat Nov 01, 2008 2:44 pm Post subject: I'm having a problem
Well, AVG thinks that this is a virus. It is something called 512686.dll and is located in my System32, so I'm not sure if it's some virus in my System32 or if it's an actual file. Can you guys please search if you have a file called 512686.dll and tell me?
_________________
I Found Waldo |
Sora Grandmaster Cheater Supreme
Reputation: 0
Joined: 14 May 2008 Posts: 1471
|
Posted: Sat Nov 01, 2008 2:50 pm Post subject: |
|
|
Delete it by going into safe mode and deleting the .dll, or use Spyware Doctor or Malwarebytes.
vmanisme Master Cheater
Reputation: 0
Joined: 05 Sep 2007 Posts: 458 Location: Google!
|
Posted: Sat Nov 01, 2008 3:03 pm Post subject: |
|
|
Threat Profile: Puper!4B2AAC85
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 10/28/2008
Date Added: 10/28/2008
Origin: Unknown
Length: 20992
Type: Program
SubType: -
DAT Required: 5417
Program Characteristics
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
File Properties
- FileName: algg.exe
- McAfee Detection: Generic PUP.x
- Length: 20,992 bytes
- CRC: 4B2AAC85
- MD5: 7B26168855DCF6110F7DE24EBF3C6EDA
- SHA1: 79D8C0203FBB2AFD274B3D976CFB18EAA704D4E6
Other Common Detection Aliases
(Company Name: Detection Name)
- AVG (GriSoft): adware generic3.zpe
- Avira: TR/BHO.Gen
- eSafe (Alladin): Suspicious file
- Kaspersky: not-a-virus:AdWare.Win32.BHO.dht
- Microsoft: trojan:win32/meredrop
- Norman: W32/Zlob.CNNZ.dropper
- Panda: Suspicious file
- Rising: AdWare.Win32.Agent.bvn
- Sophos: Troj/BHO-GU
- Symantec: Downloader
- Trend Micro: TROJ_ZLOB.LD
Avert® Labs has observed the following system activities:
(Activity: Risk Level)
- Enumerates open windows: Medium
- Enumerates running processes: Medium
- Uses shared memory of other processes: Low
- Writes executable in the windows folder: Low
- Creates an Internet Explorer tool bar: Informational
- Creates registry keys and data values to persist on OS reboot: Informational
- Registers DLLs: Informational
Other detections that have been observed.
(FileName: McAfee Supported)
- %WINDIR%\system32\512686\512686.dll: Puper
- %WINDIR%\system32\algg.exe: Generic PUP.x
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
# %WINDIR%\system32\512686
# %WINDIR%\system32\512686\512686.dll
# %WINDIR%\system32\algg.exe
The following registry elements have been created:
# hkey_local_machine\software\classes\clsid\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\
* (default) = 512686 class
# hkey_local_machine\software\classes\clsid\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\inprocserver32\
* (default) = c:\windows\system32\512686\512686.dll
* threadingmodel = apartment
# hkey_local_machine\software\classes\clsid\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\progid\
* (default) = z444.z444mgr.1
# hkey_local_machine\software\classes\clsid\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\typelib\
* (default) = {e63648f7-3933-440e-aaaa-a8584dd7b7eb}
# hkey_local_machine\software\classes\clsid\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\versionindependentprogid\
* (default) = z444.z444mgr
# hkey_local_machine\software\classes\clsid\e405.e405mgr\
* userid = {d0d621d6-b429-4fa8-85fa-ea1d9ed8fbd8}
# hkey_local_machine\software\classes\interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836}\
* (default) = ie405mgr
# hkey_local_machine\software\classes\interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836}\proxystubclsid\
* (default) = {00020424-0000-0000-c000-000000000046}
# hkey_local_machine\software\classes\interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836}\proxystubclsid32\
* (default) = {00020424-0000-0000-c000-000000000046}
# hkey_local_machine\software\classes\interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836}\typelib\
* (default) = {e63648f7-3933-440e-b4f6-a8584dd7b7eb}
* version = 3157553
# hkey_local_machine\software\classes\typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb}\1.0\
* (default) = 512686 1.0 type library
# hkey_local_machine\software\classes\typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb}\1.0\0\win32\
* (default) = c:\windows\system32\512686\512686.dll
# hkey_local_machine\software\classes\typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb}\1.0\flags\
* (default) = 48
# hkey_local_machine\software\classes\typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb}\1.0\helpdir\
* (default) = c:\windows\system32\512686\
# hkey_local_machine\software\classes\z444.z444mgr.1\
* (default) = 512686 class
# hkey_local_machine\software\classes\z444.z444mgr.1\clsid\
* (default) = {51b15f5a-e98b-4658-b9cb-9307b74773a7}
# hkey_local_machine\software\classes\z444.z444mgr\
* (default) = 512686 class
# hkey_local_machine\software\classes\z444.z444mgr\clsid\
* (default) = {51b15f5a-e98b-4658-b9cb-9307b74773a7}
# hkey_local_machine\software\classes\z444.z444mgr\curver\
* (default) = z444.z444mgr.1
# hkey_local_machine\software\microsoft\internet explorer\searchurl\w\
* (default) = http://windiwsfsearch.com/search?q=%s
# hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{51b15f5a-e98b-4658-b9cb-9307b74773a7}\
* (default) = 512686 helper
* noexplorer = 1
* notyy = 1
# hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\internet explorer\search\
* searchassistant = http://windiwsfsearch.com
# hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\internet explorer\searchurl\w\
* (default) = http://windiwsfsearch.com/search?q=%s
The following registry elements have been changed:
# hkey_local_machine\software\microsoft\internet explorer\main\
* searchmigrated = 1
* use custom search url = 1
# hkey_local_machine\software\microsoft\internet explorer\search\
* searchassistant = http://windiwsfsearch.com
# hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\internet explorer\main\
* searchmigrated = 1
* searchmigrateddefaulturl = http://windiwsfsearch.com/search?q={searchterms}
* use custom search url = 1
# hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\windows\currentversion\run\
* wblogon = c:\windows\system32\algg.exe
The application created the following network connection(s):
# http
* hxxp://172.16.199.200/
Symptoms
The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method
This is not a virus or Trojan. PUPs do not "infect" systems. They may be installed by a user individually or possibly as a part of a software package (in a bundle, for example).
YOU CAN REMOVE IT THROUGH SAFE MODE. MAKE SURE IT DOESN'T GO TO THE RECYCLE BIN. CHECK IT AFTER YOU DELETE IT, BECAUSE IF IT DOES IT MIGHT RESTORE WHEN YOU GO INTO NORMAL MODE!
_________________
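An added example, not part of the thread or of the quoted threat profile: a read-only PowerShell check for the file, Browser Helper Object, Run-key and search-URL artifacts that the profile lists. It assumes it is run as the affected user (the profile shows the per-user keys under a specific SID in HKEY_USERS; HKCU is used here instead), and it goes slightly beyond the profile by listing every registered BHO with the DLL it loads, not only the listed CLSID.

```powershell
# Added example: read-only check for the artifacts listed in the quoted threat profile.
# Paths, CLSID, value names and the domain are copied from that post.
# Assumption: HKCU stands in for the per-user SID shown under HKEY_USERS.
$clsid    = '{51b15f5a-e98b-4658-b9cb-9307b74773a7}'
$files    = @("$env:WINDIR\system32\512686\512686.dll", "$env:WINDIR\system32\algg.exe")
$findings = @()

# 1. Files the profile says are added to the system
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# 2. Every registered Browser Helper Object, resolved to the DLL it loads
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoRoot) {
    foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
        $id  = $key.PSChildName
        $srv = "HKLM:\SOFTWARE\Classes\CLSID\$id\InprocServer32"
        $dll = '<no InprocServer32 key>'
        if (Test-Path -LiteralPath $srv) { $dll = (Get-Item -LiteralPath $srv).GetValue('') }
        $tag = if ($id -eq $clsid) { 'MATCHES PROFILE' } else { 'review' }
        $findings += "BHO $id -> $dll [$tag]"
    }
}

# 3. Per-user autostart value that launches algg.exe at logon
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).wblogon
if ($val) { $findings += "Run value wblogon = $val" }

# 4. Internet Explorer search assistant pointed at the domain from the profile
foreach ($hive in 'HKLM:', 'HKCU:') {
    $p  = "$hive\SOFTWARE\Microsoft\Internet Explorer\Search"
    $sa = (Get-ItemProperty -LiteralPath $p -ErrorAction SilentlyContinue).SearchAssistant
    if ($sa -like '*windiwsfsearch.com*') { $findings += "SearchAssistant in $hive = $sa" }
}

if ($findings) { $findings } else { 'No artifacts from the profile found.' }
```

BHO entries tagged `review` are not necessarily unwanted; the point of listing them is to see which DLL each one loads and where it lives on disk.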
Vibe Advanced Cheater
Reputation: -1
Joined: 15 Oct 2008 Posts: 76
|
Posted: Mon Nov 03, 2008 12:13 pm Post subject: |
|
|
I don't have it. That is a virus. You need to get rid of it.
yehm813 Cheater
Reputation: 0
Joined: 12 Sep 2008 Posts: 30 Location: LONDON!
|
Posted: Mon Nov 03, 2008 1:00 pm Post subject: |
|
|
stupidnoob99 Posted: Sat Nov 01, 2008 8:50 pm Post subject:
Delete it by going into safe mode and deleting the .dll, or use Spyware Doctor or Malwarebytes.
exactly
_________________
FINAL FANTASY 4 LIFE
----------------------------------
.............................................................
.......................................SEPIROTH!!! |
IllusionSlayer Grandmaster Cheater
Reputation: 0
Joined: 12 Dec 2007 Posts: 539
|
Posted: Mon Nov 03, 2008 9:06 pm Post subject: |
|
|
on topic: i agree with the really really long post...
off topic: yehm813, why don't you use the quote button...this is the third thread where you could and should have but didn't
_________________
Last edited by Dark_Byte on Fri Feb 13, 2010 13:10 pm; edited 94 times in total |
SFP+ Comp. talk moderator
Reputation: 26
Joined: 02 May 2007 Posts: 1228 Location: Sweden
|
Posted: Tue Nov 04, 2008 1:55 am Post subject: |
|
|
Go download Unlocker.
Install etc.
rightclick file
delete
unlocker will pop up with some random shit like "unlock, kill task" or whatever.
Kill tasks
File removen
Profit
WIIHOOOOO
^_________^