Solved! Use CSSRSS.EXE (Trojan Graftor) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

CSSRSS.EXE – Trojan Graftor removal

File MD5 Virus Alias
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan Graftor
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan SuspiciousFile
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan Generic
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan Downloader
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan Adload
CSSRSS.EXE 432e866d46bf9f793cbb1f6cb350cc0b Trojan Agent

CSSRSS.EXE size: 127532 bytes
CSSRSS.EXE hash: 432E866D46BF9F793CBB1F6CB350CC0B

Created files:

%WinDir%\Help\64.exe
%WinDir%\Help\cssrss.exe
%WinDir%\Help\WStemp.vbs
%WinDir%\Temp\HostService.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\iCount\Type: 10010000
HKLM\System\CurrentControlSet\Services\iCount\Start: 02000000
HKLM\System\CurrentControlSet\Services\iCount\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\iCount\DisplayName: iCount
HKLM\System\CurrentControlSet\Services\iCount\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\iCount\Description: ????????
HKLM\System\CurrentControlSet\Services\iCount\SBIE_Win32ExitCode: 02000000
HKLM\System\CurrentControlSet\Services\iCount\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00540065006D0070005C0048006F007300740053006500720076006900630065002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\iCount\Parameters\ServiceMain: ServiceMain

Detected by UnHackMe:

CSSRSS.EXE
Default location: %WinDir%\HELP\CSSRSS.EXE

Dropper information:
MD5: ebf59b34fd1ab3a0eed3853a69b7c98c
File size: 340775 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images