WINDMAD.DLL – Backdoor Hupigon removal

File	MD5	Virus Alias
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Backdoor Hupigon
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Trojan Eldorado
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Backdoor PcClien
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Trojan Magania
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Trojan Siggen
WINDMAD.DLL	de474b4be0ddd8d6afa1eda65f1aea76	Trojan Agent

WINDMAD.DLL size: 100949 bytes
WINDMAD.DLL hash: DE474B4BE0DDD8D6AFA1EDA65F1AEA76

Created files:

C:\Documents and Settings\Local User\windmad.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\360svc\Type: 10000000
HKLM\System\CurrentControlSet\Services\360svc\Start: 02000000
HKLM\System\CurrentControlSet\Services\360svc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\360svc\DisplayName: Microsoft Device Manager
HKLM\System\CurrentControlSet\Services\360svc\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\360svc\Description: ?????????????????????????????????
HKLM\System\CurrentControlSet\Services\360svc\InstallModule: 1C653D7481B0A29275F975127E50EE6C.EXE
HKLM\System\CurrentControlSet\Services\360svc\SBIE_Win32ExitCode: 02000000
HKLM\System\CurrentControlSet\Services\360svc\Parameters\ServiceDll: 43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C004C006F00630061006C00200055007300650072005C00770069006E0064006D00610064002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\360svc\Parameters\ServiceMain: MyLive

Detected by UnHackMe:

WINDMAD.DLL
Default location: C:\DOCUMENTS AND SETTINGS\LOCAL USER\WINDMAD.DLL

Dropper information:
MD5: 1c653d7481b0a29275f975127e50ee6c
File size: 116926 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

WINDMAD.DLL – Backdoor Hupigon removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply