I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
F7N.EXE – Trojan Graftor removal
| File | MD5 | Virus Alias |
|---|---|---|
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Trojan Graftor |
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Trojan SuspiciousFile |
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Trojan Eldorado |
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Trojan Downloader |
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Backdoor Maximus |
| F7N.EXE | 9242f407d792df3dc6522bc570ce7ae8 | Trojan Agent |
F7N.EXE size: 71287 bytes
F7N.EXE hash: 9242F407D792DF3DC6522BC570CE7AE8
Created files:
C:\Documents and Settings\LocalService\Local Settings\Application Data\sLT.exf
%WinDir%\bot.exe
%WinDir%\joowd.exe
%WinDir%\reasd.exe
%SysDir%\antivar.exe
%SysDir%\antogoi.exe
%SysDir%\drivers\svchost.exe
%TEMP%\3bu.exe
%TEMP%\8jd.exe
%TEMP%\eg5.exe
%TEMP%\f7n.exe
%TEMP%\i71.exe
%TEMP%\j78.exe
%TEMP%\u4e.exe
%WinDir%\zexor.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\Host Generic Proces\Type: 10010000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\Start: 02000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Host Generic Proces\DisplayName: Host Generic Proces
HKLM\System\CurrentControlSet\Services\Host Generic Proces\ImagePath: %WinDir%\System32\drivers\svchost.exe
HKLM\System\CurrentControlSet\Services\Pandoriums\Type: 10010000
HKLM\System\CurrentControlSet\Services\Pandoriums\Start: 02000000
HKLM\System\CurrentControlSet\Services\Pandoriums\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Pandoriums\DisplayName: Pandoriums
HKLM\System\CurrentControlSet\Services\Pandoriums\ImagePath: %WinDir%\System32\antivar.exe
HKLM\System\CurrentControlSet\Services\Serinfoe\Type: 10010000
HKLM\System\CurrentControlSet\Services\Serinfoe\Start: 02000000
HKLM\System\CurrentControlSet\Services\Serinfoe\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Serinfoe\DisplayName: Serinfoe
HKLM\System\CurrentControlSet\Services\Serinfoe\ImagePath: %WinDir%\zexor.exe
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Type: 10010000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\Start: 02000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\DisplayName: Waberra Teenpels
HKLM\System\CurrentControlSet\Services\Uiomotohypyto\ImagePath: %WinDir%\System32\antogoi.exe
HKLM\System\CurrentControlSet\Services\Wereficare\Type: 10010000
HKLM\System\CurrentControlSet\Services\Wereficare\Start: 02000000
HKLM\System\CurrentControlSet\Services\Wereficare\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Wereficare\DisplayName: Mountines Atmounts SE
HKLM\System\CurrentControlSet\Services\Wereficare\ImagePath: %WinDir%\joowd.exe
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Type: 10010000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\Start: 02000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\DisplayName: Joomleok Crocess
HKLM\System\CurrentControlSet\Services\Xereotice Cropess\ImagePath: %WinDir%\bot.exe
HKLM\System\CurrentControlSet\Services\Zereticareos\Type: 10010000
HKLM\System\CurrentControlSet\Services\Zereticareos\Start: 02000000
HKLM\System\CurrentControlSet\Services\Zereticareos\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Zereticareos\DisplayName: Tountines Araounteses
HKLM\System\CurrentControlSet\Services\Zereticareos\ImagePath: %WinDir%\reasd.exe
Detected by UnHackMe:
F7N.EXE
Default location: %TEMP%\F7N.EXE
Dropper information:
MD5: 102e440cc17134fff0216f2f1a67cdca
File size: 258052 bytes