Rootkit ZeroAccess – syshost.exe – 6dfe5ac4c0bea9742bfa8891a230f850

Rootkit ZeroAccess
Also known as: Trojan CI, Trojan ZBot
SHA256: f72d3ebe3fa5af1b56b905f5bc236f92dec79de30993fae8bd40e4108da8d3bd
SHA1: 836a3ec9b977d922f7b9575d95070248023f9396
MD5: 6dfe5ac4c0bea9742bfa8891a230f850
File size: 351232 bytes

Created files:

%WinDir%\Installer\{5B6A8BD1-52DF-B59F-8117-F72360C6F6CA}\syshost.exe – Rootkit ZeroAccess
%SysDir%\drivers\c23455.sys – Rootkit ZeroAccess

Rootkit ZeroAccess created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syshost32: %WinDir%\Installer\{5B6A8BD1-52DF-B59F-8117-F72360C6F6CA}\syshost.exe
HKLM\System\CurrentControlSet\Services\c23455\Type: 01000000
HKLM\System\CurrentControlSet\Services\c23455\Start: 01000000
HKLM\System\CurrentControlSet\Services\c23455\DisplayName: syshost.exe
HKLM\System\CurrentControlSet\Services\c23455\ImagePath: %WinDir%\System32\drivers\c23455.sys
HKLM\System\CurrentControlSet\Services\syshost32\Type: 10000000
HKLM\System\CurrentControlSet\Services\syshost32\Start: 02000000
HKLM\System\CurrentControlSet\Services\syshost32\ImagePath: "%WinDir%\Installer\{5B6A8BD1-52DF-B59F-8117-F72360C6F6CA}\syshost.exe" /service