WinHpln32.exe – Backdoor Farfli removal
File | Virus Alias |
---|---|
WinHpln32.exe | Backdoor Farfli |
WinHpln32.exe | Trojan Agent |
WinHpln32.exe | Backdoor Hupigon |
WinHpln32.exe | Trojan DNAScan |
WinHpln32.exe | Trojan Generic |
Created files:
%SysDir%\Internet.dll – Backdoor Farfli
%SysDir%\WinHpln32.exe – Backdoor Farfli
%WinDir%\TEMP\DS_Server.exe – Backdoor Farfli
%WinDir%\TEMP\UnicodeFile.bin – Backdoor Farfli
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\Internet Explorer\Type: 10000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Start: 02000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\DisplayName: Internet Explorer
HKLM\System\CurrentControlSet\Services\Internet Explorer\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\Internet Explorer\Description: Internet Explorer
HKLM\System\CurrentControlSet\Services\Internet Explorer\InstallModule: %WinDir%\TEMP\???.exe
HKLM\System\CurrentControlSet\Services\Internet Explorer\SBIE_Win32ExitCode: 02000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0049006E007400650072006E00650074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\Internet Explorer\Parameters\ServiceMain: Ghostzjz
Detected by UnHackMe:
WinHpln32.exe
Default location: %SysDir%\WinHpln32.exe
Dropper information:
SHA256: 7d8ea5d0da7c9d86d6f4faf1dc45882994b84e60ac6dfef87cb215b820bed04f
SHA1: e55c5da36c6bb8b13b2178d2198cb0af5205d715
MD5: 98be311ac9776f1151838541111684e1
File size: 323072 bytes