Backdoor Koutodoor – arv.sys – 1443f60fca50393440f78c122e30b699

Backdoor Koutodoor
Also known as: Trojan Small, Trojan Renos
SHA256: f91841597f2fb34f44aa8e081240d0c2c7bcfb1e90e78ad33bbdbccd7bed27a4
SHA1: a617c748f9a38e923f8f98cde05fc0321cf92de8
MD5: 1443f60fca50393440f78c122e30b699
File size: 290880 bytes

Created files:

%SysDir%\drivers\arv.sys – Backdoor Koutodoor
%SysDir%\hwqnti.bat – Backdoor Koutodoor
%SysDir%\mrpnxog.dll – Backdoor Koutodoor
%Temp%\akconc.exe – Backdoor Koutodoor
%Temp%\swsrdfz.bat – Backdoor Koutodoor
%Temp%\uihvsehv.bat – Backdoor Koutodoor

Backdoor Koutodoor created autostart registry keys:

HKLM\System\CurrentControlSet\Services\arv\Type: 01000000
HKLM\System\CurrentControlSet\Services\arv\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\arv\DisplayName: arv
HKLM\System\CurrentControlSet\Services\arv\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C006100720076002E007300790073000000
