420A0A1F.SYS – Trojan OnLineGames

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

420A0A1F.SYS – Trojan OnLineGames removal

| File | MD5 | Virus Alias |
|---|---|---|
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan OnLineGames |
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan SuspiciousFile |
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan Generic |
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan Eldorado |
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan Agent |
| 420A0A1F.SYS | 074a50fe42e787dedb1bf393105681b0 | Trojan Small |

420A0A1F.SYS size: 36352 bytes
420A0A1F.SYS hash: 074A50FE42E787DEDB1BF393105681B0

Created files:

C:\2777100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\TespayServer.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\TespayServer.exe

Detected by UnHackMe:

420A0A1F.SYS
Default location: %SYSDIR%\DRIVERS\420A0A1F.SYS

Dropper information:
MD5: 288a5cc1a2c387f8f28969df45fc0d30
File size: 456720 bytes
