Solved! Use RRSLOL.EXE (Trojan OnLineGames) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

RRSLOL.EXE – Trojan OnLineGames removal

File MD5 Virus Alias
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan OnLineGames
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan Artemis
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan XPACK
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan Generic
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan Graftor
RRSLOL.EXE 765afd8b1c51871dc60091e177c0cd8a Trojan Agent

RRSLOL.EXE size: 90624 bytes
RRSLOL.EXE hash: 765AFD8B1C51871DC60091E177C0CD8A

Created files:

%SysDir%\drivers\PCIDump.sys
%SysDir%\gyblack.lst
%SysDir%\lolcc.ss
%SysDir%\lolss.exe
%SysDir%\lolxcs.dll
%SysDir%\NetHelp32.exe
%SysDir%\RRsLol.exe
%SysDir%\WinHelp32.exe
%Temp%\bd.exe
%Temp%\L0L_Login.exe
%Temp%\LOLds.exe
%Temp%\LOL_Update.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\WS2IFSL\Type: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\Start: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\DisplayName: Windows Socket 2.0 Non-IFS Service Provider Support Environment
HKLM\System\CurrentControlSet\Services\WS2IFSL\ImagePath: \SystemRoot\System32\drivers\ws2ifsl.sys

Detected by UnHackMe:

RRSLOL.EXE
Default location: %SYSDIR%\RRSLOL.EXE

Dropper information:
MD5: d397c60c346a1aaf0814431df307f41a
File size: 1263616 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images