I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.
SPOOLS.EXE – Trojan Downloader removal
| File | MD5 | Virus Alias |
|---|---|---|
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Trojan Downloader |
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Trojan Adload |
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Worm Autorun |
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Trojan Agent |
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Trojan Small |
| SPOOLS.EXE | 21eedcd424d8e65d81db7a32612bbf0f | Trojan ZBot |
SPOOLS.EXE size: 229626 bytes
SPOOLS.EXE hash: 21EEDCD424D8E65D81DB7A32612BBF0F
Created files:
%UserProfile%\cftmon.exe
%SysDir%\drivers\spools.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe
HKLM\System\CurrentControlSet\Services\Schedule\ImagePath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00730070006F006F006C0073002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe
Detected by UnHackMe:
SPOOLS.EXE
Default location: %SYSDIR%\DRIVERS\SPOOLS.EXE
Dropper information:
MD5: 025ccf6e44819fe51244df2b7709509a
File size: 202162 bytes