SWIOOL.SCR – Trojan OnLineGames

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SWIOOL.SCR – Trojan OnLineGames removal

FileMD5Virus Alias
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan OnLineGames
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan SuspiciousFile
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan Eldorado
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan Agent
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan Delphi
SWIOOL.SCR 0383d2742e25c8f1b8a3badbf57f5c4d Trojan Delf

SWIOOL.SCR size: 1019392 bytes
SWIOOL.SCR hash: 0383D2742E25C8F1B8A3BADBF57F5C4D

Created files:

%WinDir%\mshost.exe
%SysDir%\3721.1.dll
%SysDir%\swiool.scr

Autostart registry keys:

HKLM\Software\Classes\CLSID\{4BBC1A4D-DD20-4980-A645-2E13F6FC286D}\InprocServer32 : %WinDir%\System32\3721.1.dll
HKLM\System\CurrentControlSet\Services\mshost\Type: 20010000
HKLM\System\CurrentControlSet\Services\mshost\Start: 02000000
HKLM\System\CurrentControlSet\Services\mshost\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\mshost\DisplayName: host Service For Windows
HKLM\System\CurrentControlSet\Services\mshost\ImagePath: %WinDir%\mshost.exe

Detected by UnHackMe:

SWIOOL.SCR
Default location: %SYSDIR%\SWIOOL.SCR

Dropper information:
MD5: 0383d2742e25c8f1b8a3badbf57f5c4d
File size: 1019392 bytes

Leave a Reply