TASKHOST.EXE – Trojan PcClient


TASKHOST.EXE – Trojan PcClient removal

| File | MD5 | Virus Alias |
| --- | --- | --- |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan PcClient |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan SuspiciousFile |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan Generic |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan MulDrop4 |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan Downloader |
| TASKHOST.EXE | 555864055e5d8443e4d7e417aab225de | Trojan DNAScan |

TASKHOST.EXE size: 106496 bytes
TASKHOST.EXE hash: 555864055E5D8443E4D7E417AAB225DE

Created files:

%Program Files%\QQNews\QQNews.exe
%Program Files%\svhost.exe
%WinDir%\abaadgfs.exe
%WinDir%\abjjjhfbdsa.exe
%WinDir%\adsagsafds.exe
%WinDir%\agfdsgadf.exe
%WinDir%\Cursors\taskhost.exe
%WinDir%\dsgasdgs.exe
%WinDir%\khjdsfa.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Schedulo\Type: 10010000
HKLM\System\CurrentControlSet\Services\Schedulo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Schedulo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Schedulo\DisplayName: Schedulo
HKLM\System\CurrentControlSet\Services\Schedulo\ImagePath: C:\Windows\Cursors\taskhost.exe Star
HKLM\System\CurrentControlSet\Services\Schedulo\ObjectName: LocalSystem
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: "%Program Files%\QQNews\QQNews.exe" /r  -Software\Microsoft\Wind

Detected by UnHackMe:

TASKHOST.EXE
Default location: %WinDir%\CURSORS\TASKHOST.EXE

Dropper information:
MD5: 220288d788a9151e2f6f01944e5ea7b7
File size: 1222949 bytes
