Solved! Use HXYABCDEF.PSD (Trojan Magania) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

HXYABCDEF.PSD – Trojan Magania removal

FileMD5Virus Alias
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Magania
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Generic
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Eldorado
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Downloader
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Barys
HXYABCDEF.PSD 800284b2e16ce66fb8b2e8be8f05fde6 Trojan Graftor

HXYABCDEF.PSD size: 3433984 bytes
HXYABCDEF.PSD hash: 800284B2E16CE66FB8B2E8BE8F05FDE6

Created files:

C:\1067400.dll
%Program Files%\Cxya\Hxyabcdef.psd

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath: 43003A005C0031003000360037003400300030002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\Wxyabc Efghijkl Nop\Type: 10010000
HKLM\System\CurrentControlSet\Services\Wxyabc Efghijkl Nop\Start: 02000000
HKLM\System\CurrentControlSet\Services\Wxyabc Efghijkl Nop\DisplayName: Wxyabc Efghijkl Nopqrstu Wxya
HKLM\System\CurrentControlSet\Services\Wxyabc Efghijkl Nop\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc

Detected by UnHackMe:

HXYABCDEF.PSD
Default location: %PROGRAM FILES%\CXYA\HXYABCDEF.PSD

Dropper information:
MD5: d20acb849af27c3ace29c2ef4b79fb79
File size: 40463 bytes

Leave a Reply