Virus.Win32.MABEZAT.DAM


 PLATFORM:

Windows

 OVERALL RISK RATING:
 REPORTED INFECTION:

  • Threat Type: File infector

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This File infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

729,967 bytes

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

13 Nov 2019

Arrival Details

This File infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other System Modifications

This File infector adds the following registry keys:

HKEY_CURRENT_USER\software\HSTools\
IPMsgEng

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\AbsenceStr

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\FindStr

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\HotKey

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\WindowSize

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\WindowSize\SendOrder

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Fonts

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Fonts\SendEdit

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Fonts\SendListView

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Fonts\RecvHead

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Fonts\RecvEdit

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\BroadCast

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\ClickableUrl

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Priority

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\HostInfo

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Crypt

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Crypt2

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\lruUser

HKEY_CURRENT_USER\Software\HSTools\
IPMsgEng\Crypt\Crypt2

It adds the following registry entries:

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine:

9.850

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Delete this registry key

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_CURRENT_USER\software\HSTools
    • IPMsgEng
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • AbsenceStr
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • FindStr
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • HotKey
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • WindowSize
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\WindowSize
    • SendOrder
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • Fonts
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts
    • SendEdit
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts
    • SendListView
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts
    • RecvHead
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Fonts
    • RecvEdit
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • BroadCast
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • ClickableUrl
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • Priority
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • HostInfo
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • Crypt
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • Crypt2
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng
    • lruUser
  • In HKEY_CURRENT_USER\Software\HSTools\IPMsgEng\Crypt
    • Crypt2

Step 3

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.


Step 4

Scan your computer with your Trend Micro product to clean files detected as Virus.Win32.MABEZAT.DAM. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

