Solved! Use SVCHOST.EXE (Backdoor Farfli) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SVCHOST.EXE – Backdoor Farfli removal

FileMD5Virus Alias
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Backdoor Farfli
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Trojan PcClient
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Trojan Generic
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Trojan Eldorado
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Trojan PAM
SVCHOST.EXE 0e5ed49d2c83c2c34031f0c3712bd479 Trojan Graftor

SVCHOST.EXE size: 287744 bytes
SVCHOST.EXE hash: 0E5ED49D2C83C2C34031F0C3712BD479

Created files:

%Program Files%\DbProtectSupport\svchost.exe
%Program Files%\DbProtectSupport\svchost.exe.bak

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\DbProtectSupport\Type: 10000000
HKLM\System\CurrentControlSet\Services\DbProtectSupport\Start: 02000000
HKLM\System\CurrentControlSet\Services\DbProtectSupport\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\DbProtectSupport\ImagePath: %Program Files%\DbProtectSupport\svchost.exe

Detected by UnHackMe:

SVCHOST.EXE
Default location: %PROGRAM FILES%\DBPROTECTSUPPORT\SVCHOST.EXE

Dropper information:
MD5: 0bed5fbe6172b4da68950a69f73a6655
File size: 573492 bytes

Leave a Reply