Solved! Use MAGIC.EXE (Backdoor Cmjspy) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

MAGIC.EXE – Backdoor Cmjspy removal

FileMD5Virus Alias
MAGIC.EXE 166859e7afb74e20cd79344372bb0206 Backdoor Cmjspy
MAGIC.EXE 166859e7afb74e20cd79344372bb0206 Trojan Generic
MAGIC.EXE 166859e7afb74e20cd79344372bb0206 Trojan Eldorado
MAGIC.EXE 166859e7afb74e20cd79344372bb0206 Trojan Agent
MAGIC.EXE 166859e7afb74e20cd79344372bb0206 Trojan ZBot

MAGIC.EXE size: 359752 bytes
MAGIC.EXE hash: 166859E7AFB74E20CD79344372BB0206

Created files:

C:\windows\system32\m2syadll.dll
C:\windows\system32\magic.exe
C:\windows\system32\newfile.exe
C:\windows\system32\sssdda334342.vxd

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\MagicLinkServer\Type: 10010000
HKLM\System\CurrentControlSet\Services\MagicLinkServer\Start: 02000000
HKLM\System\CurrentControlSet\Services\MagicLinkServer\DisplayName: MagicLinkServer
HKLM\System\CurrentControlSet\Services\MagicLinkServer\ImagePath: “%WinDir%\System32\magic.exe”

Detected by UnHackMe:

MAGIC.EXE
Default location: %SYSDIR%\MAGIC.EXE

Dropper information:
MD5: 166859e7afb74e20cd79344372bb0206
File size: 359752 bytes

Leave a Reply