Solved! Use IQYIQO.EXE (Backdoor Xyligan) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

IQYIQO.EXE – Backdoor Xyligan removal

FileMD5Virus Alias
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Backdoor Xyligan
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Trojan Artemis
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Trojan Generic
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Trojan Eldorado
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Backdoor RBot
IQYIQO.EXE 8ef9e918f64867221b2eccb09a9245f0 Trojan Downloader

IQYIQO.EXE size: 350645 bytes
IQYIQO.EXE hash: 8EF9E918F64867221B2ECCB09A9245F0

Created files:

%SysDir%\gei33.dll
%SysDir%\iqyiqo.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\iqyiqo.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

IQYIQO.EXE
Default location: %SYSDIR%\IQYIQO.EXE

Dropper information:
MD5: 8ef9e918f64867221b2eccb09a9245f0
File size: 350645 bytes

Leave a Reply