TEMP1.EXE – Trojan Magania


TEMP1.EXE – Trojan Magania removal

File       MD5                               Virus Alias
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Magania
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan SuspiciousFile
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Eldorado
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Downloader
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Siggen
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Agent

TEMP1.EXE size: 137216 bytes
TEMP1.EXE hash: B82E75376AFDB3E0BB092F4FCA53E4B9

Created files:

C:\1289100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\csrss.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\csrss.exe

Detected by UnHackMe:

TEMP1.EXE
Default location: %TEMP%\TEMP1.EXE

Dropper information:
MD5: 0061ab968be10a5fdec3098f6289ec02
File size: 452624 bytes
