Solved! Use HP3900.SYS (Trojan Dulom) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

HP3900.SYS – Trojan Dulom removal

File MD5 Virus Alias
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan Dulom
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan SuspiciousFile
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan Generic
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan CI
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan Agent
HP3900.SYS 5b88a465204e1f2b852427625c62d296 Trojan Banker

HP3900.SYS size: 3456 bytes
HP3900.SYS hash: 5B88A465204E1F2B852427625C62D296

Created files:

%SysDir%\drivers\agroio.sys
%SysDir%\drivers\hp3900.sys
%AppData%\Macromidia\alg.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\agroio\Type: 01000000
HKLM\System\CurrentControlSet\Services\agroio\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\agroio\DisplayName: agroio
HKLM\System\CurrentControlSet\Services\agroio\ImagePath: %WinDir%\System32\drivers\agroio.sys
HKLM\System\CurrentControlSet\Services\hp3900\Type: 01000000
HKLM\System\CurrentControlSet\Services\hp3900\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\hp3900\DisplayName: hp3900
HKLM\System\CurrentControlSet\Services\hp3900\ImagePath: %WinDir%\System32\drivers\hp3900.sys
HKLM\System\CurrentControlSet\Services\hp3900\Group: Boot Bus Extender
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\alg: %AppData%\Macromidia\alg.exe

Detected by UnHackMe:

HP3900.SYS
Default location: %SYSDIR%\DRIVERS\HP3900.SYS

Dropper information:
MD5: d4bc6b1d5b86b0138bef766ba7de2d70
File size: 986112 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images