QQNEWS.EXE – Backdoor Hupigon removal

QQNEWS.EXE size: 60928 bytes
QQNEWS.EXE hash: ED721A3A3B437A4C99375DA63280D8CB

Created files:

%Program Files%\QQNews\QQNews.exe
%WinDir%\conime\iexplorer.exe
%WinDir%\conime\SSDT01.sys
%WinDir%\Cursors\taskhost.exe
%WinDir%\iklahbgj.exe
%WinDir%\kahiekjd.exe
%WinDir%\nabloskf.exe
%WinDir%\NBBBBBB.exe
%WinDir%\nlvabhdfj.exe
%WinDir%\pkablfn.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\S\Type: 01000000
HKLM\System\CurrentControlSet\Services\S\Start: 03000000
HKLM\System\CurrentControlSet\Services\S\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\S\DisplayName: S
HKLM\System\CurrentControlSet\Services\S\ImagePath: %WinDir%\conime\SSDT01.sys
HKLM\System\CurrentControlSet\Services\Schedulo\Type: 10010000
HKLM\System\CurrentControlSet\Services\Schedulo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Schedulo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Schedulo\DisplayName: Schedulo
HKLM\System\CurrentControlSet\Services\Schedulo\ImagePath: C:\Windows\Cursors\taskhost.exe Star
HKLM\System\CurrentControlSet\Services\Schedulo\ObjectName: LocalSystem
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: “%Program Files%\QQNews\QQNews.exe” /r 
-Software\Microsoft\Wind

Detected by UnHackMe:

QQNEWS.EXE
Default location: %PROGRAM FILES%\QQNEWS\QQNEWS.EXE

Dropper information:
MD5: 0bc5efed3004d1d5e1fc01aeee32a0d1
File size: 1862493 bytes