CTFMON.EXE – Trojan QQPass

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CTFMON.EXE – Trojan QQPass removal

FileMD5Virus Alias
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan QQPass
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan SuspiciousFile
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan Generic
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan Hllw
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan DNAScan
CTFMON.EXE 33d091327da1eb1913bf2ec1266350f4 Trojan Small

CTFMON.EXE size: 475281 bytes
CTFMON.EXE hash: 33D091327DA1EB1913BF2EC1266350F4

Created files:

C:\Documents and Settings\DJOJ.EXE
C:\Documents and Settings\svchost.exe
C:\filedebug
C:\HYZ.EXE
C:\QOO.EXE
C:\System Volume Information\ctfmon.exe
C:\System Volume Information\IIOBMJQ.EXE
%SysDir%\Ms7002.dll
%SysDir%\TPNHLX.EXE

Autostart registry keys:

HKLM\Software\Classes\CLSID\{7CD4138D-4147-420B-9749-00A13B526785}\InprocServer32 : %WinDir%\System32\Ms7002.dll
HKLM\Software\Classes\txtfile\shell\open\command : C:\.\HYZ.EXE %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TXJSXR.EXE: C:\System Volume Information\ctfmon.exe
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Type: 10010000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Start: 02000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\DisplayName: NKMMTY.EXE
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ImagePath: C:\Sandboxie\NKMMTY.EXE

Detected by UnHackMe:

CTFMON.EXE
Default location: C:\SYSTEM VOLUME INFORMATION\CTFMON.EXE

Dropper information:
MD5: 040c03113ba08997e90a59075dcd9851
File size: 474665 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images