Solved! Use 002BADC8.EXE (Trojan OnLineGames) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

002BADC8.EXE – Trojan OnLineGames removal

File MD5 Virus Alias
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Trojan OnLineGames
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Trojan SuspiciousFile
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Trojan Generic
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Backdoor Koutodoor
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Worm Autorun
002BADC8.EXE 0e084687318c4483de03bbfbccb9d780 Trojan Siggen

002BADC8.EXE size: 76471 bytes
002BADC8.EXE hash: 0E084687318C4483DE03BBFBCCB9D780

Created files:

%SysDir%\002BADC8.exe
%SysDir%\zzxxcck.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\WS2IFSL\Type: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\Start: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\DisplayName: Windows Socket 2.0 Non-IFS Service Provider Support Environment
HKLM\System\CurrentControlSet\Services\WS2IFSL\ImagePath: \SystemRoot\System32\drivers\ws2ifsl.sys

Detected by UnHackMe:

002BADC8.EXE
Default location: %SYSDIR%\002BADC8.EXE

Dropper information:
MD5: 0e084687318c4483de03bbfbccb9d780
File size: 76471 bytes

Leave a Reply