Rootkit Popureb – 6d76ckill.dll – 839a4fb5f8d18489757228eaabf84477

Rootkits No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Rootkit Popureb
Also known as: Trojan Agent, Trojan CI
SHA256: 2fe35723077273de3cfd9bf5a4cf16d2b5ff92628f682c542bc1d3f40798fde3
SHA1: 95ea13296933778457b36deea6011f812192a47c
MD5: 839a4fb5f8d18489757228eaabf84477
File size: 141353 bytes

Created files:

%WinDir%\Web\6d76ckill.dll – Rootkit Popureb
%WinDir%\Web\6f58bkill.dll – Rootkit Popureb
%Temp%\DogKiller.sys – Rootkit Popureb

Rootkit Popureb created autostart registry keys:

HKLM\System\CurrentControlSet\Services\360svc\Type: 10000000
HKLM\System\CurrentControlSet\Services\360svc\Start: 02000000
HKLM\System\CurrentControlSet\Services\360svc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\360svc\DisplayName: dfab1d123456teaafababbbadaa3
HKLM\System\CurrentControlSet\Services\360svc\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\360svc\Description: Allows McAafeaaaae appdlicdationsl to communicate securely on the local network.
HKLM\System\CurrentControlSet\Services\360svc\InstallModule: %Temp%\sv1.tmp
HKLM\System\CurrentControlSet\Services\360svc\Parameters\ServiceDll: 43003A005C00570069006E0064006F00770073005C005700650062005C00360064003700360063006B0069006C006C002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\360svc\Parameters\ServiceMain: LOevTtoo
HKLM\System\CurrentControlSet\Services\361svc\Type: 10000000
HKLM\System\CurrentControlSet\Services\361svc\Start: 02000000
HKLM\System\CurrentControlSet\Services\361svc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\361svc\DisplayName: dfab1d12a3456teaafabaaaaabbbdfadaa3aa1
HKLM\System\CurrentControlSet\Services\361svc\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\361svc\Description: Allows McAafeaaaae apapdlicdationsl to communicate securely on the local network.
HKLM\System\CurrentControlSet\Services\361svc\InstallModule: %Temp%\sv2.tmp
HKLM\System\CurrentControlSet\Services\361svc\Parameters\ServiceDll: 43003A005C00570069006E0064006F00770073005C005700650062005C00360066003500380062006B0069006C006C002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\361svc\Parameters\ServiceMain: LOevTtoo
HKLM\System\CurrentControlSet\Services\DogKiller\Type: 01000000
HKLM\System\CurrentControlSet\Services\DogKiller\Start: 03000000
HKLM\System\CurrentControlSet\Services\DogKiller\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\DogKiller\DisplayName: DogKiller
HKLM\System\CurrentControlSet\Services\DogKiller\ImagePath: %Temp%\DogKiller.sys

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images