SVCHOST.EXE – KeyLogger Ardamax

KeyLogger No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SVCHOST.EXE – KeyLogger Ardamax removal

File MD5 Virus Alias
SVCHOST.EXE 0c7a714b8e1d2ead2afc90dcc43bbe18 KeyLogger Ardamax
SVCHOST.EXE 0c7a714b8e1d2ead2afc90dcc43bbe18 Trojan Generic
SVCHOST.EXE 0c7a714b8e1d2ead2afc90dcc43bbe18 Trojan Xema
SVCHOST.EXE 0c7a714b8e1d2ead2afc90dcc43bbe18 Worm AMN
SVCHOST.EXE 0c7a714b8e1d2ead2afc90dcc43bbe18 Trojan Banker

SVCHOST.EXE size: 525312 bytes
SVCHOST.EXE hash: 0C7A714B8E1D2EAD2AFC90DCC43BBE18

Created files:

%WinDir%\regsvr.exe
%SysDir%\28463\svchost.001
%SysDir%\28463\svchost.002
%SysDir%\28463\svchost.exe
%SysDir%\regsvr.exe
%SysDir%\svchost .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost Agent: %WinDir%\System32\28463\svchost.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe regsvr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Msn Messsenger: %WinDir%\System32\regsvr.exe

Detected by UnHackMe:

SVCHOST.EXE
Default location: %SYSDIR%\28463\SVCHOST.EXE

Dropper information:
MD5: 050e07347363c08cce0e936d13b356f5
File size: 616609 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images