CYHVPO.KLL – Trojan PcClient

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

CYHVPO.KLL – Trojan PcClient removal

FileMD5Virus Alias
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Trojan PcClient
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Trojan SuspiciousFile
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Trojan Generic
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Trojan Eldorado
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Backdoor PcClien
CYHVPO.KLL ab7dfec82a137aa387db615fa0a340ba Trojan Small

CYHVPO.KLL size: 80008 bytes
CYHVPO.KLL hash: AB7DFEC82A137AA387DB615FA0A340BA

Created files:

%SysDir%\000611fd.sys
%SysDir%\cyhvpo.kll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\piyvly\Type: 10010000
HKLM\System\CurrentControlSet\Services\piyvly\Start: 02000000
HKLM\System\CurrentControlSet\Services\piyvly\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\piyvly\DisplayName: piyvly
HKLM\System\CurrentControlSet\Services\piyvly\ImagePath: %WinDir%\System32\svchost -k piyvly
HKLM\System\CurrentControlSet\Services\piyvly\Description: Microsoft .NET Framework TPM
HKLM\System\CurrentControlSet\Services\piyvly\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00630079006800760070006F002E006B006C006C000000

Detected by UnHackMe:

CYHVPO.KLL
Default location: %SYSDIR%\CYHVPO.KLL

Dropper information:
MD5: 5bb4b5c576a6e8a52f1e9db6573177ab
File size: 102275 bytes

Leave a Reply