420A0A1F.SYS – Trojan OnLineGames

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

420A0A1F.SYS – Trojan OnLineGames removal

FileMD5Virus Alias
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan OnLineGames
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan SuspiciousFile
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan Generic
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan Eldorado
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan Agent
420A0A1F.SYS 074a50fe42e787dedb1bf393105681b0 Trojan Small

420A0A1F.SYS size: 36352 bytes
420A0A1F.SYS hash: 074A50FE42E787DEDB1BF393105681B0

Created files:

C:\1289100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\csrss.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\csrss.exe?, |Q- |X- |2?`?Detected by UnHackMe:

420A0A1F.SYS
Default location: %SYSDIR%\DRIVERS\420A0A1F.SYS

Dropper information:
MD5: ca33e1826f8d03ed2c11fba563ca3bbb
File size: 4207 bytes

Leave a Reply