NPF.SYS – Backdoor Bredolab

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

NPF.SYS – Backdoor Bredolab removal

FileMD5Virus Alias
NPF.SYS b9730495e0cf674680121e34bd95a73b Backdoor Bredolab

NPF.SYS size: 50704 bytes
NPF.SYS hash: B9730495E0CF674680121E34BD95A73B

Created files:

%WinDir%\jucheck.exe
%WinDir%\pchealth\helpctr\binaries\convert.exe
%SysDir%\drivers\npf.sys
%SysDir%\launch.exe
%WinDir%\wisptis.exe
t:\p.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TimeNotifyer: c:\WINDOWS\System32\launch.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VideoNotifyer: c:\WINDOWS\jucheck.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FolderChecker: %WinDir%\wisptis.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NetworkChecker: c:\WINDOWS\pchealth\helpctr\binaries\convert.exe

Detected by UnHackMe:

NPF.SYS
Default location: %SYSDIR%\DRIVERS\NPF.SYS

Dropper information:
MD5: 4cfe3514c54beea09f02cfaf908513f1
File size: 829456 bytes

Leave a Reply