Solved! QWEMNKO.EXE (Backdoor Farfli) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

QWEMNKO.EXE – Backdoor Farfli removal

File         MD5                               Virus Alias
QWEMNKO.EXE  4be774bb1c336a6186288b1de7b89f54  Backdoor Farfli
QWEMNKO.EXE  4be774bb1c336a6186288b1de7b89f54  Trojan Generic
QWEMNKO.EXE  4be774bb1c336a6186288b1de7b89f54  Trojan Downloader
QWEMNKO.EXE  4be774bb1c336a6186288b1de7b89f54  Trojan Agent
QWEMNKO.EXE  4be774bb1c336a6186288b1de7b89f54  Backdoor Zegost

QWEMNKO.EXE size: 190464 bytes
QWEMNKO.EXE hash: 4BE774BB1C336A6186288B1DE7B89F54

Created files:

%WinDir%\Qwemnko.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Ruigam asmsjpxq\ReleiceName: Yskysq qakcva
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\ConnectGroup: ??????
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\MarkTime: 2015-01-12 05:28
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\Type: 10010000
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\Start: 02000000
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\DisplayName: Bnyxnl ubokruue
HKLM\System\CurrentControlSet\Services\Yskysq qakcva\ImagePath: %WinDir%\Qwemnko.exe

Detected by UnHackMe:

QWEMNKO.EXE
Default location: %WinDir%\QWEMNKO.EXE

Dropper information:
MD5: 4be774bb1c336a6186288b1de7b89f54
File size: 190464 bytes
