Backdoor IRCBot – fedisk.com – 0e152ef057e647c3581a42e543b61942


Backdoor IRCBot
Also known as: Trojan Downloader.Generic
SHA256: 55c548d7dfd0420fca78224ef015b2858150ad4ab6608ed1d6026376aca2eae4
SHA1: e73a4ea8df5888bdb9642e4d5372b90ec1960e98
MD5: 0e152ef057e647c3581a42e543b61942
File size: 268992 bytes

Created files:

C:\windows\system32\fedisk.com – Backdoor IRCBot
C:\windows\system32\mccm.exe – Backdoor IRCBot
C:\windows\system32\Mswinsck.ocx – Backdoor IRCBot

Backdoor IRCBot created autostart registry keys:

HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : C:\windows\System32\MSWINSCK.OCX
HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : C:\windows\System32\MSWINSCK.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FixError: C:\windows\System32\fedisk.comm32?D(C:\windows\System32\ M.oslo.no.eu.undernet.orgrg??? T0miami.fl.us.undernet.org????? [.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winammp: C:\windows\System32\mccm.exeem32?(C:\windows\System32\?Ctalinutza2x? Love2x?Allice2Vx? Fustax
