TEMP4.EXE – Trojan OnLineGames

TEMP4.EXE – Trojan OnLineGames removal

File       MD5                               Virus Alias
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan OnLineGames
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan SuspiciousFile
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan Artemis
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan Eldorado
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan Agent
TEMP4.EXE  b42e6f03a265abe888733980e9485a3d  Trojan AVKill

TEMP4.EXE size: 266240 bytes
TEMP4.EXE hash: B42E6F03A265ABE888733980E9485A3D

Created files:

C:\1289100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\csrss.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\csrss.exe

Detected by UnHackMe:

TEMP4.EXE
Default location: %TEMP%\TEMP4.EXE

Dropper information:
MD5: 0061ab968be10a5fdec3098f6289ec02
File size: 452624 bytes
