Solved! Use COMMON.EXE (Backdoor Farfli) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

COMMON.EXE – Backdoor Farfli removal

File MD5 Virus Alias
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Backdoor Farfli
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Trojan SuspiciousFile
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Trojan PcClient
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Trojan Artemis
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Trojan Generic
COMMON.EXE 6d63d9ca5bfc0402e3753681d446e51a Trojan Downloader

COMMON.EXE size: 81552 bytes
COMMON.EXE hash: 6D63D9CA5BFC0402E3753681D446E51A

Created files:

%Program Files Common%\Common.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Qtjtpu uarrha: %Program Files Common%\Common.exe
HKLM\System\CurrentControlSet\Services\Prcao Pdek\ReleiceName: Qtjtpu uarrha
HKLM\System\CurrentControlSet\Services\Qtjtpu uarrha\MarkTime: 2015-07-22 03:40
HKLM\System\CurrentControlSet\Services\Qtjtpu uarrha\Type: 10010000
HKLM\System\CurrentControlSet\Services\Qtjtpu uarrha\Start: 02000000
HKLM\System\CurrentControlSet\Services\Qtjtpu uarrha\DisplayName: Nruttn ybmozejj
HKLM\System\CurrentControlSet\Services\Qtjtpu uarrha\ImagePath: %Program Files Common%\Common.exe

Detected by UnHackMe:

COMMON.EXE
Default location: %PROGRAM FILES COMMON%\COMMON.EXE

Dropper information:
MD5: 6d63d9ca5bfc0402e3753681d446e51a
File size: 81552 bytes

Leave a Reply