ANTIVAR.EXE – Trojan Graftor removal

File	MD5	Virus Alias
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Trojan Graftor
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Trojan SuspiciousFile
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Trojan Eldorado
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Trojan Downloader
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Backdoor Maximus
ANTIVAR.EXE	47cb33aebbd6fe51d86e97d60ad33345	Trojan Agent

ANTIVAR.EXE size: 71287 bytes
ANTIVAR.EXE hash: 47CB33AEBBD6FE51D86E97D60AD33345

Created files:

C:\Documents and Settings\LocalService\Local Settings\Application Data\sLT.exf
%WinDir%\bot.exe
%WinDir%\joowd.exe
%WinDir%\reasd.exe
%SysDir%\antivar.exe
%SysDir%\antogoi.exe
%SysDir%\drivers\svchost.exe
%TEMP%\3bu.exe
%TEMP%\8jd.exe
%TEMP%\eg5.exe
%TEMP%\f7n.exe
%TEMP%\i71.exe
%TEMP%\j78.exe
%TEMP%\u4e.exe
%WinDir%\zexor.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Host Generic Proces\Type: 10010000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\Start: 02000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\DisplayName: Host Generic Proces
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ImagePath: %WinDir%\System32\drivers\svchost.exe
HKLM\System\CurrentControlSet\Services\Pandoriums\Type: 10010000
HKLM\System\CurrentControlSet\Services\Pandoriums\Start: 02000000
HKLM\System\CurrentControlSet\Services\Pandoriums\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Pandoriums\DisplayName: Pandoriums
HKLM\System\CurrentControlSet\Services\Pandoriums\ImagePath: %WinDir%\System32\antivar.exe
HKLM\System\CurrentControlSet\Services\Serinfoe\Type: 10010000
HKLM\System\CurrentControlSet\Services\Serinfoe\Start: 02000000
HKLM\System\CurrentControlSet\Services\Serinfoe\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Serinfoe\DisplayName: Serinfoe
HKLM\System\CurrentControlSet\Services\Serinfoe\ImagePath: %WinDir%\zexor.exe
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Type: 10010000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Start: 02000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\DisplayName: Waberra Teenpels
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ImagePath: %WinDir%\System32\antogoi.exe
HKLM\System\CurrentControlSet\Services\Wereficare\Type: 10010000
HKLM\System\CurrentControlSet\Services\Wereficare\Start: 02000000
HKLM\System\CurrentControlSet\Services\Wereficare\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Wereficare\DisplayName: Mountines Atmounts SE
HKLM\System\CurrentControlSet\Services\Wereficare\ImagePath: %WinDir%\joowd.exe
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Type: 10010000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Start: 02000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\DisplayName: Joomleok Crocess
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ImagePath: %WinDir%\bot.exe
HKLM\System\CurrentControlSet\Services\Zereticareos\Type: 10010000
HKLM\System\CurrentControlSet\Services\Zereticareos\Start: 02000000
HKLM\System\CurrentControlSet\Services\Zereticareos\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Zereticareos\DisplayName: Tountines Araounteses
HKLM\System\CurrentControlSet\Services\Zereticareos\ImagePath: %WinDir%\reasd.exe

Detected by UnHackMe:

ANTIVAR.EXE
Default location: %SYSDIR%\ANTIVAR.EXE

Dropper information:
MD5: 102e440cc17134fff0216f2f1a67cdca
File size: 258052 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

ANTIVAR.EXE – Trojan Graftor removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply