Solved! Use OHFEET.SYS (Trojan PcClient) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

OHFEET.SYS – Trojan PcClient removal

File        MD5                               Virus alias
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Trojan PcClient
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Trojan (Suspicious File)
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Trojan Generic
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Trojan Eldorado
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Backdoor PcClien
OHFEET.SYS  192971a22cbb3af02e7dfa6334d318e5  Backdoor Hupigon

OHFEET.SYS size: 7680 bytes
OHFEET.SYS hash: 192971A22CBB3AF02E7DFA6334D318E5

Created files:

%SysDir%\drivers\ohfeet.sys
%SysDir%\ohfeet.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\vnbnuf\Type: 10010000
HKLM\System\CurrentControlSet\Services\vnbnuf\Start: 02000000
HKLM\System\CurrentControlSet\Services\vnbnuf\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\vnbnuf\DisplayName: vnbnuf
HKLM\System\CurrentControlSet\Services\vnbnuf\ImagePath: %WinDir%\System32\svchost.exe -k vnbnuf
HKLM\System\CurrentControlSet\Services\vnbnuf\Description: Microsoft .NET Framework TPM
HKLM\System\CurrentControlSet\Services\vnbnuf\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C006F00680066006500650074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\Type: 01000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\Start: 02000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\DisplayName: ynbnufhc
HKLM\System\CurrentControlSet\Services\ynbnufhc\ImagePath: %WinDir%\System32\drivers\ohfeet.sys

Detected by UnHackMe:

OHFEET.SYS
Default location: %SYSDIR%\DRIVERS\OHFEET.SYS

Dropper information:
MD5: d6919ee850cd53dc710f4c7436765ff2
File size: 69030 bytes
