SYSHOST.EXE – Fake Antivirus SecurityTool

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SYSHOST.EXE – Fake Antivirus SecurityTool removal

File MD5 Virus Alias
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Fake Antivirus SecurityTool
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Trojan CI
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Fake Antivirus Winwebsec
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Trojan Agent
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Trojan Kryptik
SYSHOST.EXE 2478c7b2a2d6782207de42e54935b5d3 Trojan FakeAV

SYSHOST.EXE size: 151552 bytes
SYSHOST.EXE hash: 2478C7B2A2D6782207DE42E54935B5D3

Created files:

%WinDir%\Installer\{3D0B1A0E-C881-6E53-67BC-ED8C479CF9D4}\syshost.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\syshost32\Type: 10000000
HKLM\System\CurrentControlSet\Services\syshost32\Start: 02000000
HKLM\System\CurrentControlSet\Services\syshost32\ImagePath: “%WinDir%\Installer\{3D0B1A0E-C881-6E53-67BC-ED8C479CF9D4}\syshost.exe” /service

Detected by UnHackMe:

SYSHOST.EXE
Default location: %WinDir%\INSTALLER\{3D0B1A0E-C881-6E53-67BC-ED8C479CF9D4}\SYSHOST.EXE

Dropper information:
MD5: 2478c7b2a2d6782207de42e54935b5d3
File size: 151552 bytes

Leave a Reply