Trojan Graftor
Also known as: Trojan Small, Trojan Swizzor
SHA256: c36cdbc4181ada7a29d98efac607c122daa4aa27f94db2f32a23a9c940247139
SHA1: 0c67a41e7f1a24bd0e005cfbb83262927d56d8ab
MD5: d2562d63031d7a347aeed9a4b04784ff
File size: 32216 bytes
Created files:
%Program Files Common%\PushWare\cpush.dll – Trojan Graftor
%Program Files Common%\PushWare\Uninst.exe – Trojan Graftor
%Program Files Common%\sfbsbvy\coiome.exe – Trojan Graftor
%WinDir%\system\UvBp.sys – Trojan Graftor
%Temp%\rundll51.exe – Trojan Graftor
Trojan Graftor created autostart registry keys:
HKLM\Software\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\InprocServer32 : %Program Files Common%\PushWare\cpush.dll
HKLM\Software\Classes\CLSID\{11F09AFE-75AD-4E52-AB43-E09E9351CE17}\InprocServer32 : %Program Files Common%\PushWare\cpush.dll
HKLM\Software\Classes\CLSID\{11F09AFE-75AD-4E52-AB43-E09E9351CE17}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32 : %Program Files Common%\PushWare\cpush.dll
HKLM\Software\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\InprocServer32 : %Program Files Common%\PushWare\cpush.dll
HKLM\Software\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32 : %WinDir%\System32\1092050.DEP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\safe360: %Program Files Common%\sfbsbvy\coiome.exe
HKLM\System\CurrentControlSet\Services\auek\Type: 01000000
HKLM\System\CurrentControlSet\Services\auek\Start: 03000000
HKLM\System\CurrentControlSet\Services\auek\DisplayName: auek
HKLM\System\CurrentControlSet\Services\auek\ImagePath: %WinDir%\System\UvBp.sys