I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
CJ.EXE – Trojan Delf removal
| File | MD5 | Virus Alias |
|---|---|---|
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Trojan Delf |
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Trojan Generic |
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Trojan Click |
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Trojan Downloader |
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Backdoor Maximus |
| CJ.EXE | a3cf4e2b746c7be85717610b062559a1 | Trojan Agent |
CJ.EXE size: 167463 bytes
CJ.EXE hash: A3CF4E2B746C7BE85717610B062559A1
Created files:
%Program Files%\Explorer\ES2.dll
%Program Files%\Explorer\Explorer.exe
%SysDir%\es2.dll
%SysDir%\MsServices\MsService.dll
%SysDir%\MsServices\OldUnReg.dll
%SysDir%\MsServices\Reg.exe
%SysDir%\MsServices\svchost.dll
%SysDir%\MsServices\unreg1.dll
%TEMP%\cj.exe
%TEMP%\cj1.exe
%TEMP%\service_lina_ruanzhong1.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\MessageService\Type: 10000000
HKLM\System\CurrentControlSet\Services\MessageService\Start: 02000000
HKLM\System\CurrentControlSet\Services\MessageService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MessageService\DisplayName: MessageService
HKLM\System\CurrentControlSet\Services\MessageService\ImagePath: %WinDir%\System32\Svchost.exe -k MessageService
HKLM\System\CurrentControlSet\Services\MessageService\Description: ???????????????????,????????????????????,??????????????????????????????????????
HKLM\System\CurrentControlSet\Services\MessageService\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D007300530065007200760069006300650073005C0073007600630068006F00730074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Type: 10010000
HKLM\System\CurrentControlSet\Services\TrkWsk\Start: 02000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600730063000000
HKLM\System\CurrentControlSet\Services\TrkWsk\DisplayName: Distributed Link Tracking Server
HKLM\System\CurrentControlSet\Services\TrkWsk\Group: netsvsc
HKLM\System\CurrentControlSet\Services\TrkWsk\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\TrkWsk\Description: ????? NTFS ?????????????????????????
HKLM\System\CurrentControlSet\Services\TrkWsk\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C004500530032002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000
Detected by UnHackMe:
CJ.EXE
Default location: %TEMP%\CJ.EXE
Dropper information:
MD5: 088cb5a2d53e93b5493d6070abc9e2c5
File size: 294569 bytes