Solved! Use I_MISS_U_MYPRINCESS.SCR (Backdoor RBot) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

I_MISS_U_MYPRINCESS.SCR – Backdoor RBot removal

FileMD5Virus Alias
I_MISS_U_MYPRINCESS.SCR b3af9233527a309d0f2da1d2dffba9c0 Backdoor RBot
I_MISS_U_MYPRINCESS.SCR b3af9233527a309d0f2da1d2dffba9c0 Trojan Agent

I_MISS_U_MYPRINCESS.SCR size: 81633 bytes
I_MISS_U_MYPRINCESS.SCR hash: B3AF9233527A309D0F2DA1D2DFFBA9C0

Created files:

C:\Penylethylamine.scr
%Program Files Common%\Aliciana.Alisa
%Program Files Common%\Emira.Emma
%Program Files%\Irma Triana.scr
%Program Files%\I_Miss_U_MyPrincess.scr
%Program Files%\May be Smansa was wonderful place to us.scr
%Program Files%\Your_Prince_Will_Be_Waiting_For_You.scr
C:\Renova.htt
%WinDir%\services.exe
%SysDir%\3IPA2.SMANSA.PKP.exe
C:\Xenova.scr
%AppData%\Mr_CF\Renova_Join_Mr_CoolFace.htt
%Desktop%\Message For My Princess.scr

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alumni_Smoensa_Pangkalpinang: Mr_CoolFaceDid You Miss Me… My PrincessThe Prince is Asking a QuestionIrma Trianainf4D2.tmp
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My_Old_Class: 3IPA2.SMANSA.PKP.exeAlumni_Smoensa_Pangkalpinang\3IPA2.SMANSA.PKP.exeWindowsSecurityServ
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSecurityService: %WinDir%\services.exe2.SMANSA.PKP.exe2dffba9c0.EXE|X- |l?p????U???
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: MR_COO~1.SCR

Detected by UnHackMe:

I_MISS_U_MYPRINCESS.SCR
Default location: %PROGRAM FILES%\I_MISS_U_MYPRINCESS.SCR

Dropper information:
MD5: b3af9233527a309d0f2da1d2dffba9c0
File size: 81633 bytes

Leave a Reply