Solved! Use SPOOLS.EXE (Trojan Crypt) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

SPOOLS.EXE – Trojan Crypt removal

FileMD5Virus Alias
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Trojan Crypt
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Trojan DLOADER
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Trojan Downloader
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Trojan PolyCrypt
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Worm Autorun
SPOOLS.EXE 72a7b7aa6fda04b34d102eb1540b942a Trojan Agent

SPOOLS.EXE size: 616896 bytes
SPOOLS.EXE hash: 72A7B7AA6FDA04B34D102EB1540B942A

Created files:

%SysDir%\drivers\spools.exe
%UserProfile%\cftmon.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %UserProfile%\cftmon.exe
HKLM\System\CurrentControlSet\Services\Schedule\ImagePath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00730070006F006F006C0073002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %UserProfile%\cftmon.exe

Detected by UnHackMe:

SPOOLS.EXE
Default location: %SYSDIR%\DRIVERS\SPOOLS.EXE

Dropper information:
MD5: 1a1f045afbacf391303c61ab1a1044c6
File size: 589432 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images