Solved! Use SYSSRC32.EXE (Trojan Crypt) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SYSSRC32.EXE – Trojan Crypt removal

File MD5 Virus Alias
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan Crypt
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan Generic
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan Xema
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan Comame
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan PAM
SYSSRC32.EXE dca4f2d3e840274e286973de9af49f23 Trojan Agent

SYSSRC32.EXE size: 194138 bytes
SYSSRC32.EXE hash: DCA4F2D3E840274E286973DE9AF49F23

Created files:

C:\Windows\Help\intret.cnt
C:\Windows\Syssrc32.exe
C:\Windows\System\applets.exe
C:\Windows\System\Explorer.exe
C:\Windows\System\fndfst32.exe
C:\Windows\System\mplayerw.exe
C:\Windows\System\Sysexp32.exe
%Temp%\1D87B2.dmp

Autostart registry keys:

HKLM\Software\Classes\txtfile\shell\open\command\Explore: %SystemRoot%\System32\NOTEPAD.EXE %1
HKLM\Software\Classes\txtfile\shell\open\command : C:\Windows\System\Sysexp32.exe %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System applets: C:\Windows\System\applets.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Syssrc32: C:\Windows\Syssrc32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\fndfst32: C:\Windows\System\fndfst32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer Shell: C:\Windows\System\Explorer.exe

Detected by UnHackMe:

SYSSRC32.EXE
Default location: %WinDir%\SYSSRC32.EXE

Dropper information:
MD5: 64092b65d2cd79275aa4f8354c7b99f0
File size: 184918 bytes

Leave a Reply