Solved! Use RSMHTGY.CC3 (Backdoor Drwolf) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


RSMHTGY.CC3 – Backdoor Drwolf removal

File         MD5                               Virus Alias
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Backdoor Drwolf
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Trojan PcClient
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Trojan XPACK
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Trojan Generic
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Trojan Eldorado
RSMHTGY.CC3  5c56d5ae974c896577334c68c6c05069  Backdoor PcClien

RSMHTGY.CC3 size: 73728 bytes
RSMHTGY.CC3 hash: 5C56D5AE974C896577334C68C6C05069

Created files:

%SysDir%\Rsmhtgy.cc3
%Common AppData%\Microsoft\Dr Watson\user.dmp

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\MediaCenter\Type: 10000000
HKLM\System\CurrentControlSet\Services\MediaCenter\Start: 02000000
HKLM\System\CurrentControlSet\Services\MediaCenter\DisplayName: MS Media Control Center
HKLM\System\CurrentControlSet\Services\MediaCenter\ImagePath: %SystemRoot%\System32\svchost.exe -k start
HKLM\System\CurrentControlSet\Services\MediaCenter\Description: Provides support for media palyer. This service can’t be stoped.

Detected by UnHackMe:

RSMHTGY.CC3
Default location: %SYSDIR%\RSMHTGY.CC3

Dropper information:
MD5: 0cfdc3eac26531a545621dd270f5c890
File size: 44032 bytes
