Solved! Use SERVICES.EXE (Trojan Swisyn) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SERVICES.EXE – Trojan Swisyn removal

FileMD5Virus Alias
SERVICES.EXE 62ecbc85afdd61a0dbc2b94090adb4c2 Trojan Swisyn
SERVICES.EXE 62ecbc85afdd61a0dbc2b94090adb4c2 Trojan Generic
SERVICES.EXE 62ecbc85afdd61a0dbc2b94090adb4c2 Trojan Downloader
SERVICES.EXE 62ecbc85afdd61a0dbc2b94090adb4c2 Trojan Agent

SERVICES.EXE size: 53783 bytes
SERVICES.EXE hash: 62ECBC85AFDD61A0DBC2B94090ADB4C2

Created files:

%WinDir%\ctfmon.exe
%WinDir%\Drv12\svchost.exe
%WinDir%\RLT6987\services.exe
%AppData%\Opera\Opera\operaprefs.-ni
%Local AppData%\Google\Chrome\User Data\Default\Preferen-es
%Temp%\md.exe
%Temp%\tmpt.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UI: %WinDir%\ctfmon.exe
HKLM\System\CurrentControlSet\Services\RLN06523\Type: 10000000
HKLM\System\CurrentControlSet\Services\RLN06523\Start: 02000000
HKLM\System\CurrentControlSet\Services\RLN06523\DisplayName: RLN06523
HKLM\System\CurrentControlSet\Services\RLN06523\ImagePath: %WinDir%\RLT6987\services.exe

Detected by UnHackMe:

SERVICES.EXE
Default location: %WinDir%\RLT6987\SERVICES.EXE

Dropper information:
MD5: a0ec79a1587fe03d97e507cdddef47ed
File size: 976396 bytes

Leave a Reply