Facemoods

Comprolive.com offers free remote tech support using Google Chrome Remote Desktop. Please contact sanjayrajure(at)gmail.com by GMail/ GTalk/ Audio/ Video.

Facemoods

Last Updated on Friday, 07 September 2012 07:25 Saturday, 20 August 2011 17:21

Unwanted - App

A program by the name facemoods affects the computers running on the Microsoft windows operating systems. It's analysis report is given below

Files and folders - view
%CommonAppData%\InstallMate\D4CD7D8A\cfg\1.ini
%CommonAppData%\InstallMate\D4CD7D8A\cfg\2.ini
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\Setup.exe
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\Setup.ico
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\TsuDll.dll
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\_Setup.dll
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\_Setupx.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

Folders
C:\Program Files\facemoods.com
C:\Program Files\Mozilla Firefox
%CommonAppData%\InstallMate
%CommonAppData%\InstallMate\D4CD7D8A
%CommonAppData%\InstallMate\D4CD7D8A\cfg
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}
%CommonAppData%\InstallMate\{4C7F6155-09C1-C81D-E18F-51418D0C3411}\A5B6E1BA434A7FB1
%CommonAppData%\Premium
%CommonAppData%\Premium\Setup
C:\Program Files\facemoods.com\facemoods
C:\Program Files\facemoods.com\facemoods\1.4.17.10
C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh
C:\Program Files\Mozilla Firefox\searchplugins

Files in Temp folder
%Temp%\D4CD7D8A\Setup.exe
%Temp%\D4CD7D8A\Setup.ico
%Temp%\Tsu-055C.dll
%Temp%\D4CD7D8A\_Setup.dll
%Temp%\D4CD7D8A\_Setupx.dll
%Temp%\D4CD7D8A\facemoods.exe
%Temp%\D4CD7D8A\general_logo.bmp
%Temp%\D4CD7D8A\report.txt
%Temp%\D4CD7D8A\sweetim_toolbar.bmp
%Temp%\D4CD7D8A\x64\regsvr32.exe
%Temp%\D4CD7D8A\x86\regsvr32.exe
%Temp%\[filename of the sample #1 without extension].log
%Temp%\setup.log

(Full path for the short folder names)

There may be more files created by this virus program. You can find them out. First locate and note down the "date of creation" of any of the files mentioned above, and after that, search the hard disk for other files created on that date or onward. See image

Necessary steps required to remove this virus program

To remove processes created by the virus program from the Task Manager
To search and delete files created by the virus program from the hard disk. Enable to view "hidden files and folders" before you search. Otherwise files created by the virus program inside the hidden folders will not be found
To remove obsolete registry keys using CCleaner

Detailed instructions and free Tools

Preventive steps to avoid virus programs

Reprinted with permission from Threatexpert.com

Disclaimer

Vocabulary of the technical terms used in this article