ANTIVAR.EXE – Trojan Graftor

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

ANTIVAR.EXE – Trojan Graftor removal

FileMD5Virus Alias
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Trojan Graftor
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Trojan SuspiciousFile
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Trojan Eldorado
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Trojan Downloader
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Backdoor Maximus
ANTIVAR.EXE 47cb33aebbd6fe51d86e97d60ad33345 Trojan Agent

ANTIVAR.EXE size: 71287 bytes
ANTIVAR.EXE hash: 47CB33AEBBD6FE51D86E97D60AD33345

Created files:

C:\Documents and Settings\LocalService\Local Settings\Application Data\sLT.exf
%WinDir%\bot.exe
%WinDir%\joowd.exe
%WinDir%\reasd.exe
%SysDir%\antivar.exe
%SysDir%\antogoi.exe
%SysDir%\drivers\svchost.exe
%TEMP%\3bu.exe
%TEMP%\8jd.exe
%TEMP%\eg5.exe
%TEMP%\f7n.exe
%TEMP%\i71.exe
%TEMP%\j78.exe
%TEMP%\u4e.exe
%WinDir%\zexor.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Host Generic Proces\Type: 10010000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\Start: 02000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\DisplayName: Host Generic Proces
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ImagePath: %WinDir%\System32\drivers\svchost.exe
HKLM\System\CurrentControlSet\Services\Pandoriums\Type: 10010000
HKLM\System\CurrentControlSet\Services\Pandoriums\Start: 02000000
HKLM\System\CurrentControlSet\Services\Pandoriums\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Pandoriums\DisplayName: Pandoriums
HKLM\System\CurrentControlSet\Services\Pandoriums\ImagePath: %WinDir%\System32\antivar.exe
HKLM\System\CurrentControlSet\Services\Serinfoe\Type: 10010000
HKLM\System\CurrentControlSet\Services\Serinfoe\Start: 02000000
HKLM\System\CurrentControlSet\Services\Serinfoe\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Serinfoe\DisplayName: Serinfoe
HKLM\System\CurrentControlSet\Services\Serinfoe\ImagePath: %WinDir%\zexor.exe
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Type: 10010000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Start: 02000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\DisplayName: Waberra Teenpels
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ImagePath: %WinDir%\System32\antogoi.exe
HKLM\System\CurrentControlSet\Services\Wereficare\Type: 10010000
HKLM\System\CurrentControlSet\Services\Wereficare\Start: 02000000
HKLM\System\CurrentControlSet\Services\Wereficare\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Wereficare\DisplayName: Mountines Atmounts SE
HKLM\System\CurrentControlSet\Services\Wereficare\ImagePath: %WinDir%\joowd.exe
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Type: 10010000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Start: 02000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\DisplayName: Joomleok Crocess
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ImagePath: %WinDir%\bot.exe
HKLM\System\CurrentControlSet\Services\Zereticareos\Type: 10010000
HKLM\System\CurrentControlSet\Services\Zereticareos\Start: 02000000
HKLM\System\CurrentControlSet\Services\Zereticareos\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Zereticareos\DisplayName: Tountines Araounteses
HKLM\System\CurrentControlSet\Services\Zereticareos\ImagePath: %WinDir%\reasd.exe

Detected by UnHackMe:

ANTIVAR.EXE
Default location: %SYSDIR%\ANTIVAR.EXE

Dropper information:
MD5: 102e440cc17134fff0216f2f1a67cdca
File size: 258052 bytes

Leave a Reply