SQPUHKIR.EXE – Trojan Kazy


SQPUHKIR.EXE – Trojan Kazy removal

File MD5 Virus Alias
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Trojan Kazy
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Trojan Artemis
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Trojan Generic
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Trojan DNAScan
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Trojan CI
SQPUHKIR.EXE 58b8f8eaf51db4a882e41f9a65a3ea60 Worm AMN

SQPUHKIR.EXE size: 99700 bytes
SQPUHKIR.EXE hash: 58B8F8EAF51DB4A882E41F9A65A3EA60

Created files:

%UserProfile%\Local Settings\Application Data\sfdnuiwu\birafigl.exe
%UserProfile%\Start Menu\Programs\Startup\birafigl.exe
%TEMP%\sqpuhkir.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,,%Local AppData%\sfdnuiwu\birafigl.exe
HKLM\System\CurrentControlSet\Services\wscsvc\Start: 04000000
HKLM\System\CurrentControlSet\Services\wuauserv\Start: 04000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BirAfigl: %Local AppData%\sfdnuiwu\birafigl.exe

Detected by UnHackMe:

SQPUHKIR.EXE
Default location: %TEMP%\SQPUHKIR.EXE

Dropper information:
MD5: 58b8f8eaf51db4a882e41f9a65a3ea60
File size: 99700 bytes
