ENTENG.EXE – Trojan Agent removal

ENTENG.EXE size: 92160 bytes
ENTENG.EXE hash: 0213AFD3721928DAA1FD4192C9EDAF16

Created files:

%Program Files Common%\msbuildnt32\enteng.exe

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a} : msbuildnt32 (VML)
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\StubPath: %Program Files Common%\msbuildnt32\enteng.exe /starta
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\ComponentID: msbuildnt32
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\Version: 3,0,214,01
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445a}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b} : msbuildnt32 (VML)
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b}\StubPath: %Program Files Common%\msbuildnt32\enteng.exe /startb
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b}\ComponentID: msbuildnt32
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b}\Version: 3,0,214,01
HKLM\Software\Microsoft\Active Setup\Installed Components\{003g66230-a069-12d1-a5ar-00eb30985445b}\Locale: EN

Detected by UnHackMe:

ENTENG.EXE
Default location: %PROGRAM FILES COMMON%\MSBUILDNT32\ENTENG.EXE

Dropper information:
MD5: 0213afd3721928daa1fd4192c9edaf16
File size: 92160 bytes