Solved! Use M2SYADLL.DLL (Backdoor Cmjspy) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

M2SYADLL.DLL – Backdoor Cmjspy removal

File MD5 Virus Alias
M2SYADLL.DLL 413e6eb7c260a52c7f87eb6e9c7ef7e7 Backdoor Cmjspy
M2SYADLL.DLL 413e6eb7c260a52c7f87eb6e9c7ef7e7 Trojan Generic
M2SYADLL.DLL 413e6eb7c260a52c7f87eb6e9c7ef7e7 Trojan Xema
M2SYADLL.DLL 413e6eb7c260a52c7f87eb6e9c7ef7e7 Trojan ZBot

M2SYADLL.DLL size: 74468 bytes
M2SYADLL.DLL hash: 413E6EB7C260A52C7F87EB6E9C7EF7E7

Created files:

C:\windows\system32\m2syadll.dll
C:\windows\system32\magic.exe
C:\windows\system32\newfile.exe
C:\windows\system32\sssdda334342.vxd

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\MagicLinkServer\Type: 10010000
HKLM\System\CurrentControlSet\Services\MagicLinkServer\Start: 02000000
HKLM\System\CurrentControlSet\Services\MagicLinkServer\DisplayName: MagicLinkServer
HKLM\System\CurrentControlSet\Services\MagicLinkServer\ImagePath: “%WinDir%\System32\magic.exe”

Detected by UnHackMe:

M2SYADLL.DLL
Default location: %SYSDIR%\M2SYADLL.DLL

Dropper information:
MD5: 166859e7afb74e20cd79344372bb0206
File size: 359752 bytes

Leave a Reply