Trojan Crypt – fb3b9c6f3bb01f43c22912351df47a9f

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

Trojan Crypt
SHA256: 80bc000501a8f02b8ea78ae8ed60940a4dbe645797710c101ff2048e013510dc
SHA1: fe0cf7aea872b717e9b08dd8a0f8f5470743dd80
MD5: fb3b9c6f3bb01f43c22912351df47a9f
File size: 552960 bytes

Created files:

%Program Files%\99cu\9158AVCore2.dll – Trojan Crypt
%Program Files%\99cu\9158flash.exe – Trojan Crypt
%Program Files%\99cu\9158KTVAudioIn10.ocx – Trojan Crypt
%Program Files%\99cu\9158KTVAudioOut10.ocx – Trojan Crypt
%Program Files%\99cu\99Lover.exe – Trojan Crypt
%Program Files%\99cu\99LoverInvoke.ocx – Trojan Crypt
%Program Files%\99cu\ACore.dll – Trojan Crypt
%Program Files%\99cu\AVModule40.dll – Trojan Crypt
%Program Files%\99cu\AVSet.exe – Trojan Crypt
%Program Files%\99cu\ChatBaseDL.dll – Trojan Crypt
%Program Files%\99cu\dd.dll – Trojan Crypt
%Program Files%\99cu\DDVEC.dll – Trojan Crypt
%Program Files%\99cu\DestopSprite.exe – Trojan Crypt
%Program Files%\99cu\DownLoad.exe – Trojan Crypt
%Program Files%\99cu\Face.dll – Trojan Crypt
%Program Files%\99cu\FirePlay.exe – Trojan Crypt
%Program Files%\99cu\GetPPID.exe – Trojan Crypt
%Program Files%\99cu\HardwareINFO.dll – Trojan Crypt
%Program Files%\99cu\IdleTrac.dll – Trojan Crypt
%Program Files%\99cu\ImageOle.dll – Trojan Crypt
%Program Files%\99cu\ItemInfo.dll – Trojan Crypt
%Program Files%\99cu\MultiChatVIP.dll – Trojan Crypt
%Program Files%\99cu\MultiPub.dll – Trojan Crypt
%Program Files%\99cu\MVUILib.dll – Trojan Crypt
%Program Files%\99cu\MyHdInfo.dll – Trojan Crypt
%Program Files%\99cu\MyInfo.exe – Trojan Crypt
%Program Files%\99cu\OnlineUpdate.exe – Trojan Crypt
%Program Files%\99cu\p2pClient.dll – Trojan Crypt
%Program Files%\99cu\PlatLoading.exe – Trojan Crypt
%Program Files%\99cu\sqlite3.dll – Trojan Crypt
%Program Files%\99cu\unins000.exe – Trojan Crypt
%Program Files%\99cu\VideoDecoder.dll – Trojan Crypt
%Program Files%\99cu\VideoEncoder.dll – Trojan Crypt
%Program Files%\99cu\VideoHelper.dll – Trojan Crypt
%Program Files%\99cu\VideoIn30.ocx – Trojan Crypt
%Program Files%\99cu\VideoOut30.ocx – Trojan Crypt
%Program Files%\99cu\???????ID.exe – Trojan Crypt
%Common Startmenu%\Programs\99cu\99CU.lnk – Trojan Crypt
%Common Startmenu%\Programs\99cu\??? 99CU.lnk – Trojan Crypt
%Desktop%\?รพ????.lnk – Trojan Crypt
%Temp%\99CU_A008_416868.exe – Trojan Crypt
%Temp%\is-KMK0P.tmp\KillProcessEx.dll – Trojan Crypt
%Temp%\is-KMK0P.tmp\_isetup\_shfoldr.dll – Trojan Crypt

Trojan Crypt created autostart registry keys:

HKLM\Software\Classes\CLSID\{01DB7449-9476-6033-A039-1C09F63B5E0A}\InprocServer32 : C:\PROGRA~1\99cu\VIDEOO~1.OCX
HKLM\Software\Classes\CLSID\{01DB7449-9476-6033-A039-1C09F63B5E0A}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\InprocServer32 : %Program Files%\99cu\ImageOle.dll
HKLM\Software\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{073C1079-E5F3-6848-0B8E-183C4BDC779D}\InprocServer32 : C:\PROGRA~1\99cu\9158KT~2.OCX
HKLM\Software\Classes\CLSID\{073C1079-E5F3-6848-0B8E-183C4BDC779D}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{1DB21443-21D5-E94E-19C3-CDCF6628B3A9}\InprocServer32 : C:\PROGRA~1\99cu\VIDEOI~1.OCX
HKLM\Software\Classes\CLSID\{1DB21443-21D5-E94E-19C3-CDCF6628B3A9}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{28F85091-35F2-4923-DBE8-AD0C1544A172}\InprocServer32 : C:\PROGRA~1\99cu\9158KT~1.OCX
HKLM\Software\Classes\CLSID\{28F85091-35F2-4923-DBE8-AD0C1544A172}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{2E25AAA4-0898-4DCD-B349-385FEC28456D}\InprocServer32 : C:\PROGRA~1\99cu\99LOVE~1.OCX
HKLM\Software\Classes\CLSID\{2E25AAA4-0898-4DCD-B349-385FEC28456D}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{2E4C8F8A-AD0D-4A32-971E-60C0F573CED6}\InprocServer32 : C:\PROGRA~1\99cu\9158KT~1.OCX
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{50F47A4F-DA1F-4D9E-8B63-AF33D333EEEC}\InprocServer32 : C:\PROGRA~1\99cu\VIDEOO~1.OCX
HKLM\Software\Classes\CLSID\{56F75FAD-769D-4347-8D7E-771D0A2FC9AA}\InprocServer32 : C:\PROGRA~1\99cu\99LOVE~1.OCX
HKLM\Software\Classes\CLSID\{8025120E-06C4-E442-A90D-077AE505DF88}\InprocServer32 : C:\PROGRA~1\99cu\9158KT~2.OCX
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{E8FB4EF0-C6F1-4201-8081-2DD252CC1F11}\InprocServer32 : C:\PROGRA~1\99cu\VIDEOI~1.OCX
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} : Microsoft Windows Script 5.8
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Version: 5,8,6001,18702
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\ComponentID: MSVBScript

Leave a Reply