YATAGHAN.EXE – Backdoor Hupigon removal
File | MD5 | Virus Alias |
---|---|---|
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Backdoor Hupigon |
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Trojan SuspiciousFile |
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Trojan Eldorado |
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Backdoor Pigeon |
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Trojan Downloader |
YATAGHAN.EXE | 63a2b153c5eb029e8e63fe1ec4c37304 | Trojan Agent |
YATAGHAN.EXE size: 710656 bytes
YATAGHAN.EXE hash: 63A2B153C5EB029E8E63FE1EC4C37304
Created files:
%SysDir%\core.dll
%TEMP%\server.exe
%TEMP%\yataghan.exe
%WinDir%\yataghan.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\JavaLibrary\Type: 10000000
HKLM\System\CurrentControlSet\Services\JavaLibrary\Start: 02000000
HKLM\System\CurrentControlSet\Services\JavaLibrary\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\JavaLibrary\DisplayName: Prefetches JRE files for faster startup
HKLM\System\CurrentControlSet\Services\JavaLibrary\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc
HKLM\System\CurrentControlSet\Services\JavaLibrary\Description: Prefetches JRE files for faster startup of Java applets and applications.
HKLM\System\CurrentControlSet\Services\JavaLibrary\INSTALLModuLe: %TEMP%\server.exe
HKLM\System\CurrentControlSet\Services\JavaLibrary\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0063006F00720065002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\yataghanfuckurmother\Type: 10010000
HKLM\System\CurrentControlSet\Services\yataghanfuckurmother\Start: 02000000
HKLM\System\CurrentControlSet\Services\yataghanfuckurmother\DisplayName: yataghanfuckurmother
HKLM\System\CurrentControlSet\Services\yataghanfuckurmother\ImagePath: %WinDir%\yataghan.exe
Detected by UnHackMe:
YATAGHAN.EXE
Default location: %TEMP%\YATAGHAN.EXE
Dropper information:
MD5: 4fc6116a7641bf6ae0bdb354b25b04d5
File size: 922112 bytes