Solved! Use SWR.SYS (Backdoor Koutodoor) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

Fully functional 30-day trial. No credit card is required.

SWR.SYS – Backdoor Koutodoor removal

File     MD5                               Virus Alias
SWR.SYS  18800b6f4fad0d65aa1e112c8dc008f9  Backdoor Koutodoor
SWR.SYS  18800b6f4fad0d65aa1e112c8dc008f9  Trojan Generic
SWR.SYS  18800b6f4fad0d65aa1e112c8dc008f9  Trojan Eldorado
SWR.SYS  18800b6f4fad0d65aa1e112c8dc008f9  Trojan Agent
SWR.SYS  18800b6f4fad0d65aa1e112c8dc008f9  Trojan Crypt

SWR.SYS size: 41472 bytes
SWR.SYS hash: 18800B6F4FAD0D65AA1E112C8DC008F9

Created files:

%SysDir%\drivers\swr.sys
%SysDir%\yga.dll
%Temp%\uooczq.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\swr\Type: 01000000
HKLM\System\CurrentControlSet\Services\swr\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\swr\DisplayName: swr
HKLM\System\CurrentControlSet\Services\swr\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C007300770072002E007300790073000000

Detected by UnHackMe:

SWR.SYS
Default location: %SYSDIR%\DRIVERS\SWR.SYS

Dropper information:
MD5: c5b6be32976393c52d4a2d20ebc77850
File size: 282688 bytes
