CSRSS.EXE – Trojan Agent removal

File	MD5	Virus Alias
CSRSS.EXE	0aa16f7139ae1ab16de3705f1c77bf54	Trojan Agent
CSRSS.EXE	0aa16f7139ae1ab16de3705f1c77bf54	Trojan Artemis
CSRSS.EXE	0aa16f7139ae1ab16de3705f1c77bf54	Trojan Small
CSRSS.EXE	0aa16f7139ae1ab16de3705f1c77bf54	Trojan Invader

CSRSS.EXE size: 360680 bytes
CSRSS.EXE hash: 0AA16F7139AE1AB16DE3705F1C77BF54

Created files:

C:\Explorer\Folder.htt
C:\Explorer\Launch_U3.exe
C:\Explorer\msvbvm60.dll
C:\LaunchU3systemprofile.exe
%WinDir%\msvbvm60.dll
%UserProfile%\Local Settings\Application Data\WINDOWS\CSRSS.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\SERVICES.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\SMSS.EXE
%SysDir%\msvbvm60.dll
%SysDir%\shell.exe
%SysDir%\Telematika.scr
%WinDir%\WlNLOGON.EXE
C:\WlNLOGON.EXE

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LogonSystemprofile: %Local AppData%\WINDOWS\CSRSS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Monitoring: %Local AppData%\WINDOWS\SMSS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe “%WinDir%\System32\Shell.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\Shell.exe
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: %WinDir%\System32\TELEMA~1.SCR
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Depkominfo: %WinDir%\WlNLOGON.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ServiceSystemprofile: %Local AppData%\WINDOWS\SERVICES.EXE

Detected by UnHackMe:

CSRSS.EXE
Default location: %LOCAL APPDATA%\WINDOWS\CSRSS.EXE

Dropper information:
MD5: 0aa16f7139ae1ab16de3705f1c77bf54
File size: 360680 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

CSRSS.EXE – Trojan Agent removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply