keepSafe.exe – Trojan Downloader.Generic removal

File	Virus Alias
keepSafe.exe	Trojan Downloader.Generic
keepSafe.exe	Trojan Agent
keepSafe.exe	Trojan Delf
keepSafe.exe	Trojan Generic
keepSafe.exe	Trojan AVKill
keepSafe.exe	Trojan Delphi

Created files:

%SysDir%\keepSafe.exe – Trojan Downloader.Generic

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run\TXMouie: %WinDir%\System32\keepSafe.exe?R?%WinDir%\System32\Contxt.dat?}? %WinDir%\System32\keepSafe.exe?}? %WinDir%\System32\keepSafe.exe!?? %WinDir%\System32\keepSafe.exeQ?? %WinDir%\syst
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ilortgdg: %WinDir%\System32\keepSafe.exe??? %WinDir%\System32\keepSafe.exe?? %WinDir%\System32\keepSafe.exe %WinDir%\System32\keepSafe.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\cvhnykzx: %WinDir%\System32\keepSafe.exe?? %WinDir%\System32\keepSafe.exe %WinDir%\System32\keepSafe.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\deryheruxc: %WinDir%\System32\keepSafe.exe %WinDir%\System32\keepSafe.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dsfghjgj: %WinDir%\System32\keepSafe.exe!?? %WinDir%\System32\keepSafe.exeQ?? %WinDir%\System32\keepSafe.exe??? %WinDir%\System32\keepSafe.exe??? %WinDir%\System32\keepSafe.exe??? %WinDir%\System32\keepSafe.exe?? %WinDir%\System32\keepSafe.exe %WinDir%\System32\keepSafe.exe

Detected by UnHackMe:

keepSafe.exe
Default location: %SysDir%\keepSafe.exe

Dropper information:
SHA256: c06e313a0613b4f7d075c5baf38ffec0fdee4505b75d5e6bf2dbbab8682e8739
SHA1: 3386b16d3f5944850b785495e25b651d7b7dc05b
MD5: 4daf491b98d478426add5a9caf45185b
File size: 83968 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

keepSafe.exe – Trojan Downloader.Generic removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply