PASSTHRU.SYS – Trojan Agent removal
File | MD5 | Virus Alias |
---|---|---|
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan Agent |
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan SuspiciousFile |
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan Generic |
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan JboxGeneric |
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan Jbox |
PASSTHRU.SYS | f23e8927cc852084f6ebaf3c7290ac80 | Trojan Scar |
PASSTHRU.SYS size: 15360 bytes
PASSTHRU.SYS hash: F23E8927CC852084F6EBAF3C7290AC80
Created files:
C:\passthru.sys
%WinDir%\inf\passthru.sys
%SysDir%\Black.dll
%SysDir%\Drivers\diskflt.sys
%SysDir%\Drivers\passthru.sys
%SysDir%\wininitw.exe
%TEMP%\passthru.sys
%TEMP%\snetcfg.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\BITS\Fuck_Time: 1
HKLM\System\CurrentControlSet\Services\diskflt\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Type: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Tag: 0A000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Type: 10000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Start: 02000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \DisplayName: Windows Tfg ds789g speed tdl4
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \ImagePath: %WinDir%\System32\wininitw.exe
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Description: This is Wintesd fdde speed tdss
Detected by UnHackMe:
PASSTHRU.SYS
Default location: %SYSDIR%\DRIVERS\PASSTHRU.SYS
Dropper information:
MD5: a7877de54fccebc5c229f29597ac22ca
File size: 204800 bytes