FQTZVB.EXE – Backdoor Xyligan


FQTZVB.EXE – Backdoor Xyligan removal

| File | MD5 | Virus Alias |
|---|---|---|
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Backdoor Xyligan |
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Trojan SuspiciousFile |
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Trojan Artemis |
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Trojan XPACK |
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Trojan Generic |
| FQTZVB.EXE | 47cd641d2895cb53aa75111b26246eff | Trojan CI |

FQTZVB.EXE size: 744448 bytes
FQTZVB.EXE hash: 47CD641D2895CB53AA75111B26246EFF

Created files:

%SysDir%\fqtzvb.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\rcmdsvc\Type: 10000000
HKLM\System\CurrentControlSet\Services\rcmdsvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\rcmdsvc\DisplayName: Remote Command Service
HKLM\System\CurrentControlSet\Services\rcmdsvc\ImagePath: %WinDir%\System32\fqtzvb.exe

Detected by UnHackMe:

FQTZVB.EXE
Default location: %SYSDIR%\FQTZVB.EXE

Dropper information:
MD5: 47cd641d2895cb53aa75111b26246eff
File size: 744448 bytes
