Solved! Use RIDRIO.PIF (Backdoor Farfli) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

RIDRIO.PIF – Backdoor Farfli removal

File MD5 Virus Alias
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Backdoor Farfli
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Trojan PAK_Generic
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Trojan SuspiciousFile
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Trojan Artemis
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Trojan Eldorado
RIDRIO.PIF 09ad7822e45ebd2ca70330388df68a1a Trojan Agent

RIDRIO.PIF size: 118784 bytes
RIDRIO.PIF hash: 09AD7822E45EBD2CA70330388DF68A1A

Created files:

%WinDir%\ridrio.pif

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\Type: 10010000
HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\Start: 02000000
HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\DisplayName: Pqrstuvw Yabcdefgh Jklmnop Rstuvwxy Bcd
HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\ImagePath: %WinDir%\ridrio.pif
HKLM\System\CurrentControlSet\Services\Pqrstu Wxyabcde Ghi\Description: Pqrstu Wxyabcde Ghijklmn Pqrs

Detected by UnHackMe:

RIDRIO.PIF
Default location: %WinDir%\RIDRIO.PIF

Dropper information:
MD5: 09ad7822e45ebd2ca70330388df68a1a
File size: 118784 bytes

Leave a Reply