HP3900.SYS – Trojan Dulom


HP3900.SYS – Trojan Dulom removal

File        MD5                               Virus Alias
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan Dulom
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan SuspiciousFile
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan Generic
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan CI
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan Agent
HP3900.SYS  5b88a465204e1f2b852427625c62d296  Trojan Banker

HP3900.SYS size: 3456 bytes
HP3900.SYS hash: 5B88A465204E1F2B852427625C62D296

Created files:

%SysDir%\drivers\agroio.sys
%SysDir%\drivers\hp3900.sys

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\agroio\Type: 01000000
HKLM\System\CurrentControlSet\Services\agroio\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\agroio\DisplayName: agroio
HKLM\System\CurrentControlSet\Services\agroio\ImagePath: %WinDir%\System32\drivers\agroio.sys
HKLM\System\CurrentControlSet\Services\hp3900\Type: 01000000
HKLM\System\CurrentControlSet\Services\hp3900\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\hp3900\DisplayName: hp3900
HKLM\System\CurrentControlSet\Services\hp3900\ImagePath: %WinDir%\System32\drivers\hp3900.sys
HKLM\System\CurrentControlSet\Services\hp3900\Group: Boot Bus Extender
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\alg: \Macromidia\alg.exe

Detected by UnHackMe:

HP3900.SYS
Default location: %SYSDIR%\DRIVERS\HP3900.SYS

Dropper information:
MD5: 7803d7f80da5ee8fdce1625bce653108
File size: 650240 bytes
