CDNPROT.SYS – Trojan Agent

CDNPROT.SYS – Trojan Agent removal

File         MD5                               Virus Alias
CDNPROT.SYS  4532c5ffb0dc6eb66ed506ffaac100b5  Trojan Agent
CDNPROT.SYS  4532c5ffb0dc6eb66ed506ffaac100b5  Trojan Small

CDNPROT.SYS size: 170752 bytes
CDNPROT.SYS hash: 4532C5FFB0DC6EB66ED506FFAAC100B5

Created files:


Autostart registry keys:

HKLM\System\CurrentControlSet\Services\cijbdsw\Type: 01000000
HKLM\System\CurrentControlSet\Services\cijbdsw\Start: 03000000
HKLM\System\CurrentControlSet\Services\cijbdsw\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\cijbdsw\DisplayName: cijbdsw
HKLM\System\CurrentControlSet\Services\cijbdsw\ImagePath: %TEMP%\cijbdswwkb

Detected by UnHackMe:

CDNPROT.SYS
Default location: %TEMP%\33\CDNPROT.SYS

Dropper information:
MD5: 239831e7cf8be91748bd79c16f8eeea2
File size: 670208 bytes
