FSHOOK.DLL – Trojan Generic


FSHOOK.DLL – Trojan Generic removal

File        MD5                               Virus Alias
FSHOOK.DLL  cecd38d3777d9332d23f6c55f89b33b5  Trojan Generic
FSHOOK.DLL  cecd38d3777d9332d23f6c55f89b33b5  Trojan Agent

FSHOOK.DLL size: 28672 bytes
FSHOOK.DLL hash: CECD38D3777D9332D23F6C55F89B33B5

Created files:

%Program Files%\DeskAdTop\deskipn.dll
%Program Files%\DeskAdTop\DeskUn.exe
%Program Files%\DeskAdTop\fshook.dll
%Program Files%\DeskAdTop\Mrup.exe
%Program Files%\DeskAdTop\Run.dll
%Program Files%\DeskAdTop\_uninstall
%SysDir%\cnwin.dll
%TEMP%\204.exe
%TEMP%\ad1760.exe
%TEMP%\bind_50103.exe
%TEMP%\dodolook057.exe
%TEMP%\MIS_724_0.EXE
%TEMP%\mms_724.exe
%TEMP%\setup168.exe
%TEMP%\tdsetup.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{08A312BB-5409-49FC-9347-54BB7D069AC6}\InprocServer32 : %Program Files%\DeskAdTop\deskipn.dll
HKLM\Software\Classes\CLSID\{EC497BD8-460F-44F0-B2A4-8C2B2198035B}\InprocServer32 : %WinDir%\System32\cnwin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\tdsetup.exe: %TEMP%\tdsetup.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\bind_50103.exe: %TEMP%\bind_50103.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\dodolook057.exe: %TEMP%\dodolook057.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\mms_724.exe: %TEMP%\mms_724.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\setup168.exe: %TEMP%\setup168.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Desktop: %WinDir%\System32\rundll32.exe "%Program Files%\DeskAdTop\Run.dll" ,Rundll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\%TEMP%\ad1760.exe: %TEMP%\ad1760.exe

Detected by UnHackMe:

FSHOOK.DLL
Default location: %PROGRAM FILES%\DESKADTOP\FSHOOK.DLL

Dropper information:
MD5: 1ce02e2452976b3d9cece806fe6736ec
File size: 995928 bytes
