TEMP2.EXE – Backdoor Farfli removal
File | MD5 | Virus Alias |
---|---|---|
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Backdoor Farfli |
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Trojan SuspiciousFile |
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Trojan Eldorado |
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Trojan Downloader |
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Trojan Graftor |
TEMP2.EXE | c208fd7baa6b49e3323872438dd99986 | Trojan OnLineGames |
TEMP2.EXE size: 141312 bytes
TEMP2.EXE hash: C208FD7BAA6B49E3323872438DD99986
Created files:
C:\175000.dll
C:\windows\svchost.exe
C:\windows\system32\drivers\ahnurla.sys
C:\windows\system32\RpcSvc.psd
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\ahnurla\Type: 01000000
HKLM\System\CurrentControlSet\Services\ahnurla\Start: 02000000
HKLM\System\CurrentControlSet\Services\ahnurla\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\ahnurla\DisplayName: ahnurla
HKLM\System\CurrentControlSet\Services\ahnurla\ImagePath: %WinDir%\System32\drivers\ahnurla.sys
HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath: 43003A005C003100370035003000300030002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\RpcSvc\Type: 10010000
HKLM\System\CurrentControlSet\Services\RpcSvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\RpcSvc\DisplayName: Remote Procedure Call (RPC) Service
HKLM\System\CurrentControlSet\Services\RpcSvc\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc
Detected by UnHackMe:
TEMP2.EXE
Default location: %TEMP%\TEMP2.EXE
Dropper information:
MD5: cf3c356161faef259e7510950c9587a1
File size: 247304 bytes