Solved! GKQQKK.PIF (Rootkit TDSS) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

GKQQKK.PIF – Rootkit TDSS removal

File        MD5                               Virus Alias
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Rootkit TDSS
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Trojan Exception.gen.101
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Trojan DLOADER
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Trojan Artemis
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Trojan Generic
GKQQKK.PIF  440bb12337d7753d3b95326cfa15e170  Backdoor RBot

GKQQKK.PIF size: 39960 bytes
GKQQKK.PIF hash: 440BB12337D7753D3B95326CFA15E170

Created files:

%WinDir%\gkqqkk.pif
%SysDir%\hra101.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\WinHelp32\Type: 10010000
HKLM\System\CurrentControlSet\Services\WinHelp32\Start: 02000000
HKLM\System\CurrentControlSet\Services\WinHelp32\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WinHelp32\DisplayName: Windows Help System
HKLM\System\CurrentControlSet\Services\WinHelp32\ImagePath: %WinDir%\gkqqkk.pif
HKLM\System\CurrentControlSet\Services\WinHelp32\Description: Windows Help System for X32 windows desktop

Detected by UnHackMe:

GKQQKK.PIF
Default location: %WinDir%\GKQQKK.PIF

Dropper information:
MD5: 440bb12337d7753d3b95326cfa15e170
File size: 39960 bytes
