Solved! FONTCACHE.EXE (Trojan Graftor) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal. A fully functional 30-day trial is available; no credit card is required.

FONTCACHE.EXE – Trojan Graftor removal

| File | MD5 | Virus Alias |
|---|---|---|
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Trojan Graftor |
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Trojan Generic |
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Trojan Eldorado |
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Backdoor RBot |
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Trojan Downloader |
| FONTCACHE.EXE | e7ed072b2ef208a151cfad7e695a80ba | Trojan Agent |

FONTCACHE.EXE size: 36864 bytes
FONTCACHE.EXE hash: E7ED072B2EF208A151CFAD7E695A80BA

Created files:

%WinDir%\Microsoft.NET\Framework\v3.0\WPF\Caches.exe
%WinDir%\Microsoft.NET\Framework\v3.0\WPF\FontCache.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\FontCache3.0\Type: 10010000
HKLM\System\CurrentControlSet\Services\FontCache3.0\Start: 02000000
HKLM\System\CurrentControlSet\Services\FontCache3.0\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\FontCache3.0\DisplayName: Windows Presentation Foundation Fonts 3.0.0.0
HKLM\System\CurrentControlSet\Services\FontCache3.0\ImagePath: cmd.exe /c start %WinDir%\Microsoft.NET\Framework\v3.0\WPF\FontCache.exe

Detected by UnHackMe:

FONTCACHE.EXE
Default location: %WinDir%\MICROSOFT.NET\FRAMEWORK\V3.0\WPF\FONTCACHE.EXE

Dropper information:
MD5: e7ed072b2ef208a151cfad7e695a80ba
File size: 36864 bytes
