Solved! YGA.DLL (Backdoor Koutodoor) Removal Guide


YGA.DLL – Backdoor Koutodoor removal

File     MD5                               Virus Alias
YGA.DLL  456a02248127e8b4f7959828154889c4  Backdoor Koutodoor
YGA.DLL  456a02248127e8b4f7959828154889c4  Trojan Generic
YGA.DLL  456a02248127e8b4f7959828154889c4  Trojan Eldorado
YGA.DLL  456a02248127e8b4f7959828154889c4  Trojan Siggen
YGA.DLL  456a02248127e8b4f7959828154889c4  Trojan Crypt

YGA.DLL size: 77824 bytes
YGA.DLL hash: 456A02248127E8B4F7959828154889C4

Created files:

%SysDir%\drivers\swr.sys
%SysDir%\yga.dll
%Temp%\uooczq.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\swr\Type: 01000000 (little-endian DWORD, value 1)
HKLM\System\CurrentControlSet\Services\swr\ErrorControl: 01000000 (little-endian DWORD, value 1)
HKLM\System\CurrentControlSet\Services\swr\DisplayName: swr
HKLM\System\CurrentControlSet\Services\swr\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C007300770072002E007300790073000000 (UTF-16LE for system32\drivers\swr.sys)

Detected by UnHackMe:

YGA.DLL
Default location: %SYSDIR%\YGA.DLL

Dropper information:
MD5: c5b6be32976393c52d4a2d20ebc77850
File size: 282688 bytes
