I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.
SYSEXP32.EXE – Trojan Crypt removal
| File | MD5 | Virus Alias |
|---|---|---|
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan Crypt |
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan Generic |
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan Xema |
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan Comame |
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan PAM |
| SYSEXP32.EXE | 20abf55e92482f980e76b726c8cb115d | Trojan Agent |
SYSEXP32.EXE size: 197216 bytes
SYSEXP32.EXE hash: 20ABF55E92482F980E76B726C8CB115D
Created files:
C:\Windows\Help\intret.cnt
C:\Windows\Syssrc32.exe
C:\Windows\System\applets.exe
C:\Windows\System\Explorer.exe
C:\Windows\System\fndfst32.exe
C:\Windows\System\mplayerw.exe
C:\Windows\System\Sysexp32.exe
%Temp%\1D87B2.dmp
Autostart registry keys:
HKLM\Software\Classes\txtfile\shell\open\command\Explore: %SystemRoot%\System32\NOTEPAD.EXE %1
HKLM\Software\Classes\txtfile\shell\open\command : C:\Windows\System\Sysexp32.exe %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System applets: C:\Windows\System\applets.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Syssrc32: C:\Windows\Syssrc32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\fndfst32: C:\Windows\System\fndfst32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer Shell: C:\Windows\System\Explorer.exe
Detected by UnHackMe:
SYSEXP32.EXE
Default location: %WinDir%\SYSTEM\SYSEXP32.EXE
Dropper information:
MD5: 64092b65d2cd79275aa4f8354c7b99f0
File size: 184918 bytes