Solved! Use RNCEMRZ.SYS (Backdoor Koutodoor) Removal Guide

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

RNCEMRZ.SYS – Backdoor Koutodoor removal

File MD5 Virus Alias
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Backdoor Koutodoor
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Trojan Generic
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Trojan Eldorado
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Trojan Downloader
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Trojan Agent
RNCEMRZ.SYS 6bbb66b449dfad17cb55f3bdf123bc4b Trojan Crypt

RNCEMRZ.SYS size: 38336 bytes
RNCEMRZ.SYS hash: 6BBB66B449DFAD17CB55F3BDF123BC4B

Created files:

%SysDir%\drivers\rncemrz.sys
%SysDir%\ufvr.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\rncemrz\Type: 01000000
HKLM\System\CurrentControlSet\Services\rncemrz\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\rncemrz\DisplayName: rncemrz
HKLM\System\CurrentControlSet\Services\rncemrz\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C0072006E00630065006D0072007A002E007300790073000000

Detected by UnHackMe:

RNCEMRZ.SYS
Default location: %SYSDIR%\DRIVERS\RNCEMRZ.SYS

Dropper information:
MD5: 4211148da107f8799fc4a87d9bf3d7e5
File size: 122944 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images