Solved! JGCH.SYS (Backdoor Koutodoor) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required.

JGCH.SYS – Backdoor Koutodoor removal

File      MD5                               Virus Alias
JGCH.SYS  f814d65861579385dcad452188019c34  Backdoor Koutodoor
JGCH.SYS  f814d65861579385dcad452188019c34  Trojan Generic
JGCH.SYS  f814d65861579385dcad452188019c34  Trojan MLW
JGCH.SYS  f814d65861579385dcad452188019c34  Trojan Eldorado
JGCH.SYS  f814d65861579385dcad452188019c34  Trojan Agent

JGCH.SYS size: 38656 bytes
JGCH.SYS hash: F814D65861579385DCAD452188019C34

Created files:

%SysDir%\arl.dll
%SysDir%\drivers\jgch.sys

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\jgch\Type: 01000000
HKLM\System\CurrentControlSet\Services\jgch\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\jgch\DisplayName: jgch
HKLM\System\CurrentControlSet\Services\jgch\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C006A006700630068002E007300790073000000 (UTF-16LE encoding of system32\drivers\jgch.sys)

Detected by UnHackMe:

JGCH.SYS
Default location: %SYSDIR%\DRIVERS\JGCH.SYS

Dropper information:
MD5: 0f8667e916b266227c268e19d14fa2bf
File size: 87296 bytes
