WinHpln32.exe – Backdoor Farfli

WinHpln32.exe – Backdoor Farfli removal

File            Virus Alias
WinHpln32.exe   Backdoor Farfli
WinHpln32.exe   Trojan Agent
WinHpln32.exe   Backdoor Hupigon
WinHpln32.exe   Trojan DNAScan
WinHpln32.exe   Trojan Generic

Created files:

%SysDir%\Internet.dll – Backdoor Farfli
%SysDir%\WinHpln32.exe – Backdoor Farfli
%WinDir%\TEMP\DS_Server.exe – Backdoor Farfli
%WinDir%\TEMP\UnicodeFile.bin – Backdoor Farfli

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Internet Explorer\Type: 10000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Start: 02000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\DisplayName: Internet Explorer
HKLM\System\CurrentControlSet\Services\Internet Explorer\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\Internet Explorer\Description: Internet Explorer
HKLM\System\CurrentControlSet\Services\Internet Explorer\InstallModule: %WinDir%\TEMP\???.exe
HKLM\System\CurrentControlSet\Services\Internet Explorer\SBIE_Win32ExitCode: 02000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0049006E007400650072006E00650074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Parameters\ServiceMain: Ghostzjz

Detected by UnHackMe:

WinHpln32.exe
Default location: %SysDir%\WinHpln32.exe

Dropper information:
SHA256: 7d8ea5d0da7c9d86d6f4faf1dc45882994b84e60ac6dfef87cb215b820bed04f
SHA1: e55c5da36c6bb8b13b2178d2198cb0af5205d715
MD5: 98be311ac9776f1151838541111684e1
File size: 323072 bytes
