Solved! Use NETSVCS.EXE (Backdoor Farfli) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

NETSVCS.EXE – Backdoor Farfli removal

File MD5 Virus Alias
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Backdoor Farfli
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Trojan UnwantedProgram
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Trojan Generic
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Trojan Graftor
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Trojan Agent
NETSVCS.EXE fc35d97f94bf172e75f4ec2e777b9bba Backdoor Zegost

NETSVCS.EXE size: 10567680 bytes
NETSVCS.EXE hash: FC35D97F94BF172E75F4EC2E777B9BBA

Created files:

%Program Files%\Windows NT\netsvcs.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Autoupdate\ConnectGroup: ??????
HKLM\System\CurrentControlSet\Services\Autoupdate\MarkTime: 2015-08-06 23:15
HKLM\System\CurrentControlSet\Services\Autoupdate\Type: 10010000
HKLM\System\CurrentControlSet\Services\Autoupdate\Start: 02000000
HKLM\System\CurrentControlSet\Services\Autoupdate\DisplayName: Automatic Update
HKLM\System\CurrentControlSet\Services\Autoupdate\ImagePath: %Program Files%\Windows NT\netsvcs.exe

Detected by UnHackMe:

NETSVCS.EXE
Default location: %PROGRAM FILES%\WINDOWS NT\NETSVCS.EXE

Dropper information:
MD5: 99e73c2857c5731c739a188c8f897b18
File size: 81920 bytes

Leave a Reply