I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
ES2.DLL – Trojan Delf removal
| File | MD5 | Virus Alias |
|---|---|---|
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Trojan Delf |
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Trojan Artemis |
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Trojan Xema |
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Trojan Eldorado |
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Trojan Downloader |
| ES2.DLL | 84e6d4d2995e2da839b5acbe5705758d | Backdoor Maximus |
ES2.DLL size: 253952 bytes
ES2.DLL hash: 84E6D4D2995E2DA839B5ACBE5705758D
Created files:
%Program Files%\Explorer\ES2.dll
%Program Files%\Explorer\Explorer.exe
%SysDir%\es2.dll
%SysDir%\MsServices\MsService.dll
%SysDir%\MsServices\OldUnReg.dll
%SysDir%\MsServices\Reg.exe
%SysDir%\MsServices\svchost.dll
%SysDir%\MsServices\unreg1.dll
%TEMP%\cj.exe
%TEMP%\cj1.exe
%TEMP%\service_lina_ruanzhong1.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\MessageService\Type: 10000000
HKLM\System\CurrentControlSet\Services\MessageService\Start: 02000000
HKLM\System\CurrentControlSet\Services\MessageService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MessageService\DisplayName: MessageService
HKLM\System\CurrentControlSet\Services\MessageService\ImagePath: %WinDir%\System32\Svchost.exe -k MessageService
HKLM\System\CurrentControlSet\Services\MessageService\Description: ???????????????????,????????????????????,??????????????????????????????????????
HKLM\System\CurrentControlSet\Services\MessageService\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D007300530065007200760069006300650073005C0073007600630068006F00730074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Type: 10010000
HKLM\System\CurrentControlSet\Services\TrkWsk\Start: 02000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600730063000000
HKLM\System\CurrentControlSet\Services\TrkWsk\DisplayName: Distributed Link Tracking Server
HKLM\System\CurrentControlSet\Services\TrkWsk\Group: netsvsc
HKLM\System\CurrentControlSet\Services\TrkWsk\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\TrkWsk\Description: ????? NTFS ?????????????????????????
HKLM\System\CurrentControlSet\Services\TrkWsk\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C004500530032002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000
Detected by UnHackMe:
ES2.DLL
Default location: %PROGRAM FILES%\EXPLORER\ES2.DLL
Dropper information:
MD5: 088cb5a2d53e93b5493d6070abc9e2c5
File size: 294569 bytes