I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
SYS.EXE – Backdoor Hupigon removal
| File | MD5 | Virus Alias |
|---|---|---|
| SYS.EXE | 63e8d5647bfef8d259d1f5a3e4ff2401 | Backdoor Hupigon |
| SYS.EXE | 63e8d5647bfef8d259d1f5a3e4ff2401 | Trojan Eldorado |
| SYS.EXE | 63e8d5647bfef8d259d1f5a3e4ff2401 | Backdoor Pigeon |
| SYS.EXE | 63e8d5647bfef8d259d1f5a3e4ff2401 | Trojan Delf |
| SYS.EXE | 63e8d5647bfef8d259d1f5a3e4ff2401 | Trojan Banker |
SYS.EXE size: 393728 bytes
SYS.EXE hash: 63E8D5647BFEF8D259D1F5A3E4FF2401
Created files:
%WinDir%\love.exe
%WinDir%\sys.exe
%SysDir%\love.exe
%SysDir%\LOVEHKS.DLL
%TEMP%\tmp2B.exe
%TEMP%\tmp2D.exe
%TEMP%\tmp2F.exe
%WinDir%\wint.DLL
%WinDir%\wint.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\Type: 10010000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\Start: 02000000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\DisplayName: LOVE Service
HKLM\System\CurrentControlSet\Services\LOVE_SERVICE\ImagePath: “%WinDir%\System32\love.exe” /service
HKLM\System\CurrentControlSet\Services\wint\Type: 10010000
HKLM\System\CurrentControlSet\Services\wint\Start: 02000000
HKLM\System\CurrentControlSet\Services\wint\DisplayName: win_t
HKLM\System\CurrentControlSet\Services\wint\ImagePath: %WinDir%\wint.exe
Detected by UnHackMe:
SYS.EXE
Default location: %WinDir%\SYS.EXE
Dropper information:
MD5: 217ba9217d5e110b6ca9a1f5830e4448
File size: 600148 bytes