I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
DEFAULT2.SFX – Trojan Eldorado removal
| File | MD5 | Virus Alias |
|---|---|---|
| DEFAULT2.SFX | 6ea48ed99348fa2276b44f6abbdea538 | Trojan Eldorado |
| DEFAULT2.SFX | 6ea48ed99348fa2276b44f6abbdea538 | Trojan SuspiciousFile |
| DEFAULT2.SFX | 6ea48ed99348fa2276b44f6abbdea538 | Trojan Ransom |
| DEFAULT2.SFX | 6ea48ed99348fa2276b44f6abbdea538 | Trojan CI |
| DEFAULT2.SFX | 6ea48ed99348fa2276b44f6abbdea538 | Trojan Agent |
DEFAULT2.SFX size: 95232 bytes
DEFAULT2.SFX hash: 6EA48ED99348FA2276B44F6ABBDEA538
Created files:
C:\ProgramData\stppthmain\stppthmain.dll
%SysDir%\cfwin32.dll
%SysDir%\csrss32.dll
%SysDir%\csrss64.dll
%SysDir%\default2.sfx
%SysDir%\NoSafeMode.dll
%SysDir%\nsf.exe
%SysDir%\sdelete.dll
%SysDir%\svchostsv.exe
%SysDir%\svschost.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\fdPHosts\Type: 10000000
HKLM\System\CurrentControlSet\Services\fdPHosts\Start: 02000000
HKLM\System\CurrentControlSet\Services\fdPHosts\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\fdPHosts\DisplayName: Wdi Function Discovery Provider Host Records
HKLM\System\CurrentControlSet\Services\fdPHosts\ImagePath: %WinDir%\System32\svschost.exe
HKLM\System\CurrentControlSet\Services\NIaSvc\Type: 10000000
HKLM\System\CurrentControlSet\Services\NIaSvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\NIaSvc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NIaSvc\DisplayName: Network Locatlon Awareness
HKLM\System\CurrentControlSet\Services\NIaSvc\ImagePath: %WinDir%\System32\svchostsv.exe
Detected by UnHackMe:
DEFAULT2.SFX
Default location: %SYSDIR%\DEFAULT2.SFX
Dropper information:
MD5: 2bf56d3cf979266de943b5b3fec3c732
File size: 586055 bytes