Solved! SPOOLCDS.DLL (Trojan Artemis) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


SPOOLCDS.DLL – Trojan Artemis removal

File          MD5                               Virus Alias
SPOOLCDS.DLL  3b67048cadcbbd89c0ed05cc1a4c34be  Trojan Artemis
SPOOLCDS.DLL  3b67048cadcbbd89c0ed05cc1a4c34be  Trojan (Suspicious File)
SPOOLCDS.DLL  3b67048cadcbbd89c0ed05cc1a4c34be  Trojan Generic
SPOOLCDS.DLL  3b67048cadcbbd89c0ed05cc1a4c34be  Trojan CI
SPOOLCDS.DLL  3b67048cadcbbd89c0ed05cc1a4c34be  Trojan Agent

SPOOLCDS.DLL size: 4096 bytes
SPOOLCDS.DLL hash: 3B67048CADCBBD89C0ED05CC1A4C34BE

Created files:

%SysDir%\apinetfs.exe
%SysDir%\ctfhosturl.ocx
%SysDir%\dhcpmgrsys.exe
%SysDir%\engpptpusb.exe
%SysDir%\spoolcds.dll
%SysDir%\sysdnscpl.exe
%SysDir%\tapifspc.exe
%SysDir%\themeuichk.dll
%SysDir%\usbuiwm.exe
%Temp%\advsec32.dll

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\StubPath: rundll32.exe %WinDir%\System32\themeuichk.dll,ThemesSetupInstallCheck
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\IconsBinary: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C007500730062007500690077006D002E006500780065000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\Version: 1,1,1,2
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\ComponentID: DOTNETFRAMEWORKS
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\DontAsk: 02000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95} : Themes Setup
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\recovery: %WinDir%\System32\tapifspc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\recovery: %WinDir%\System32\tapifspc.exe

Detected by UnHackMe:

SPOOLCDS.DLL
Default location: %SYSDIR%\SPOOLCDS.DLL

Dropper information:
MD5: 608454c98e90961bf481fb003083ba5b
File size: 2439407 bytes
