Backdoor RBot – services.exe – 50170ac7650b8ff0b85ac00183e22c6a

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Backdoor RBot
Also known as: Trojan Agent, Trojan Generic
SHA256: ff7f2feb7d61a532cd45e0eb116cb52a6d6063d5eae9ae5660ab391a362230f1
SHA1: 35e352a0738e75331dc9442af1e8e1652933ae7f
MD5: 50170ac7650b8ff0b85ac00183e22c6a
File size: 411023 bytes

Created files:

%WinDir%\services.exe – Backdoor RBot
%WinDir%\system\sservice.exe – Backdoor RBot
%SysDir%\fservice.exe – Backdoor RBot
%SysDir%\lncom.exe – Backdoor RBot
%SysDir%\winkey.dll – Backdoor RBot

Backdoor RBot created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\StubPath: %WinDir%\System\sservice.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DirectX For Microsoft? Windows: %WinDir%\System32\fservice.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe %WinDir%\System32\fservice.exe

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images