WININIT.EXE – Trojan Artemis

WININIT.EXE – Trojan Artemis removal

File         MD5                               Virus Alias
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan Artemis
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan BadReputation
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan Generic
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan Eldorado
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan Agent
WININIT.EXE  09b6186588478f3155db03a9c3ed5b17  Trojan Small

WININIT.EXE size: 471552 bytes
WININIT.EXE hash: 09B6186588478F3155DB03A9C3ED5B17

Created files:

%WinDir%\dllhst3g.exe
%WinDir%\lsm.exe
%WinDir%\System\wininit.exe
%TEMP%\Twain002.Mtx
%AllUsersProfile%\clipsrv.exe
%AllUsersProfile%\spoolsv.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinInit: %WinDir%\System\wininit.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinInit: %WinDir%\System\wininit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsm service: %WinDir%\lsm.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ClipSrv: %AllUsersProfile%\clipsrv.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: C:\DOCUME~1\ALLUSE~1\spoolsv.exe

Detected by UnHackMe:

WININIT.EXE
Default location: %WinDir%\SYSTEM\WININIT.EXE

Dropper information:
MD5: 09b6186588478f3155db03a9c3ed5b17
File size: 471552 bytes
