I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
EXPLORER.EXE – Trojan Agent removal
File | MD5 | Virus Alias |
---|---|---|
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan Agent |
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan SuspiciousFile |
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan Artemis |
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan Xema |
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan Click |
EXPLORER.EXE | f5be1ba6bfd88f611e2a78d58be2b36f | Trojan Downloader |
EXPLORER.EXE size: 15872 bytes
EXPLORER.EXE hash: F5BE1BA6BFD88F611E2A78D58BE2B36F
Created files:
%Program Files%\Explorer\ES2.dll
%Program Files%\Explorer\Explorer.exe
%SysDir%\es2.dll
%SysDir%\MsServices\MsService.dll
%SysDir%\MsServices\OldUnReg.dll
%SysDir%\MsServices\Reg.exe
%SysDir%\MsServices\svchost.dll
%SysDir%\MsServices\unreg1.dll
%TEMP%\cj.exe
%TEMP%\cj1.exe
%TEMP%\service_lina_ruanzhong1.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\MessageService\Type: 10000000
HKLM\System\CurrentControlSet\Services\MessageService\Start: 02000000
HKLM\System\CurrentControlSet\Services\MessageService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MessageService\DisplayName: MessageService
HKLM\System\CurrentControlSet\Services\MessageService\ImagePath: %WinDir%\System32\Svchost.exe -k MessageService
HKLM\System\CurrentControlSet\Services\MessageService\Description: ???????????????????,????????????????????,??????????????????????????????????????
HKLM\System\CurrentControlSet\Services\MessageService\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D007300530065007200760069006300650073005C0073007600630068006F00730074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Type: 10010000
HKLM\System\CurrentControlSet\Services\TrkWsk\Start: 02000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600730063000000
HKLM\System\CurrentControlSet\Services\TrkWsk\DisplayName: Distributed Link Tracking Server
HKLM\System\CurrentControlSet\Services\TrkWsk\Group: netsvsc
HKLM\System\CurrentControlSet\Services\TrkWsk\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\TrkWsk\Description: ????? NTFS ?????????????????????????
HKLM\System\CurrentControlSet\Services\TrkWsk\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C004500530032002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000
Detected by UnHackMe:
EXPLORER.EXE
Default location: %PROGRAM FILES%\EXPLORER\EXPLORER.EXE
Dropper information:
MD5: 088cb5a2d53e93b5493d6070abc9e2c5
File size: 294569 bytes