CSRSS.EXE – Trojan CoinMiner removal
File | MD5 | Virus Alias |
---|---|---|
CSRSS.EXE | 7a137203072d840851930f1ec6696d51 | Trojan CoinMiner |
CSRSS.EXE | 7a137203072d840851930f1ec6696d51 | Trojan Bitcoin |
CSRSS.EXE | 7a137203072d840851930f1ec6696d51 | Trojan SuspiciousFile |
CSRSS.EXE | 7a137203072d840851930f1ec6696d51 | Trojan Generic |
CSRSS.EXE size: 228485 bytes
CSRSS.EXE hash: 7A137203072D840851930F1EC6696D51
Created files:
%TEMP%\IXP000.TMP\CoolPDFReader.exe
%TEMP%\IXP000.TMP\pdf.exe
%TEMP%\_MEI24842\bin\csrss.exe
%TEMP%\_MEI24842\bin\diablo130302.cl
%TEMP%\_MEI24842\bin\diakgcn121016.cl
%TEMP%\_MEI24842\bin\explorer.exe
%TEMP%\_MEI24842\bin\libcurl.dll
%TEMP%\_MEI24842\bin\libeay32.dll
%TEMP%\_MEI24842\bin\libidn-11.dll
%TEMP%\_MEI24842\bin\minerd.dll
%TEMP%\_MEI24842\bin\OpenCL.dll
%TEMP%\_MEI24842\bin\phatk121016.cl
%TEMP%\_MEI24842\bin\poclbm130302.cl
%TEMP%\_MEI24842\bin\pthreadGC2.dll
%TEMP%\_MEI24842\bin\scrypt130511.cl
%TEMP%\_MEI24842\bin\ssleay32.dll
%TEMP%\_MEI24842\bin\winlogon.exe
%TEMP%\_MEI24842\bin\zlib1.dll
%TEMP%\_MEI24842\bz2.pyd
%TEMP%\_MEI24842\eggs\msgpack_python-0.3.0-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\psutil-1.0.1-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\wmi-1.4.9-py2.7-win32.egg
%TEMP%\_MEI24842\mfc90.dll
%TEMP%\_MEI24842\mfc90u.dll
%TEMP%\_MEI24842\mfcm90.dll
%TEMP%\_MEI24842\mfcm90u.dll
%TEMP%\_MEI24842\msgpack._packer.pyd
%TEMP%\_MEI24842\msgpack._unpacker.pyd
%TEMP%\_MEI24842\msvcm90.dll
%TEMP%\_MEI24842\msvcp90.dll
%TEMP%\_MEI24842\msvcr90.dll
%TEMP%\_MEI24842\pyexpat.pyd
%TEMP%\_MEI24842\pyHook._cpyHook.pyd
%TEMP%\_MEI24842\python27.dll
%TEMP%\_MEI24842\pythoncom27.dll
%TEMP%\_MEI24842\pywintypes27.dll
%TEMP%\_MEI24842\select.pyd
%TEMP%\_MEI24842\unicodedata.pyd
%TEMP%\_MEI24842\win32api.pyd
%TEMP%\_MEI24842\win32com.shell.shell.pyd
%TEMP%\_MEI24842\win32file.pyd
%TEMP%\_MEI24842\win32gui.pyd
%TEMP%\_MEI24842\win32pipe.pyd
%TEMP%\_MEI24842\win32trace.pyd
%TEMP%\_MEI24842\win32ui.pyd
%TEMP%\_MEI24842\_ctypes.pyd
%TEMP%\_MEI24842\_hashlib.pyd
%TEMP%\_MEI24842\_multiprocessing.pyd
%TEMP%\_MEI24842\_psutil_mswindows.pyd
%TEMP%\_MEI24842\_socket.pyd
%TEMP%\_MEI24842\_ssl.pyd
%TEMP%\_MEI24842\_win32sysloader.pyd
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"
Detected by UnHackMe:
CSRSS.EXE
Default location: %TEMP%\_MEI24842\BIN\CSRSS.EXE
Dropper information:
MD5: 125d357fea7d532c2bb474ecc3efd90b
File size: 8565760 bytes