Solved! Use VIDEO.BKP (Trojan Agent) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

VIDEO.BKP – Trojan Agent removal

FileMD5Virus Alias
VIDEO.BKP 49d5462ceedf1c97a911abc4aefdd3e7 Trojan Agent
VIDEO.BKP 49d5462ceedf1c97a911abc4aefdd3e7 Trojan Artemis
VIDEO.BKP 49d5462ceedf1c97a911abc4aefdd3e7 Trojan Click

VIDEO.BKP size: 30080 bytes
VIDEO.BKP hash: 49D5462CEEDF1C97A911ABC4AEFDD3E7

Created files:

%Program Files%\Mozilla Firefox\extensions\admin@firestarterfox.net\chrome\bor.jar
%SYSDIR%\bootcats.sys
%SYSDIR%\drvhive.ocx
%SYSDIR%\VIDEO.sys
%SYSDIR%\vmmreg32.dll
%SYSDIR%\webmin\VIDEO.bkp
%SYSDIR%\webmin\vmmreg32.bkp

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %SYSDIR%\winhelp32.exe
HKLM\System\CurrentControlSet\Services\VIDEO\Type: 01000000
HKLM\System\CurrentControlSet\Services\VIDEO\Start: 01000000
HKLM\System\CurrentControlSet\Services\VIDEO\DisplayName: VIDEO
HKLM\System\CurrentControlSet\Services\VIDEO\ImagePath: %SYSDIR%\VIDEO.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Help Service: %SYSDIR%\winhelp32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Windows Help Service: %SYSDIR%\winhelp32.exe

Detected by UnHackMe:

VIDEO.BKP
Default location: %SYSDIR%\WEBMIN\VIDEO.BKP

Dropper information:
MD5: 07f80bcea04da1af4bb2d52c926c6b57
File size: 164352 bytes

Leave a Reply