Solved! Use OHFEET.DLL (Unknown) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

OHFEET.DLL – Unknown removal

OHFEET.DLL size: 71236 bytes
OHFEET.DLL hash: 38C209E705394870E8EE7C6A21FBFB92

Created files:

%SysDir%\drivers\ohfeet.sys
%SysDir%\ohfeet.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\vnbnuf\Type: 10010000
HKLM\System\CurrentControlSet\Services\vnbnuf\Start: 02000000
HKLM\System\CurrentControlSet\Services\vnbnuf\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\vnbnuf\DisplayName: vnbnuf
HKLM\System\CurrentControlSet\Services\vnbnuf\ImagePath: %WinDir%\System32\svchost.exe -k vnbnuf
HKLM\System\CurrentControlSet\Services\vnbnuf\Description: Microsoft .NET Framework TPM
HKLM\System\CurrentControlSet\Services\vnbnuf\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C006F00680066006500650074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\Type: 01000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\Start: 02000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\ynbnufhc\DisplayName: ynbnufhc
HKLM\System\CurrentControlSet\Services\ynbnufhc\ImagePath: %WinDir%\System32\drivers\ohfeet.sys

Detected by UnHackMe:

OHFEET.DLL
Default location: %SYSDIR%\OHFEET.DLL

Dropper information:
MD5: d6919ee850cd53dc710f4c7436765ff2
File size: 69030 bytes

Leave a Reply