Solved! LOGMAN.EXE (Trojan Graftor) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

LOGMAN.EXE – Trojan Graftor removal

File        MD5                               Virus Alias
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan Graftor
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan, Suspicious File
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan Ransom
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan Generic
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan Eldorado
LOGMAN.EXE  00e5ea04c184368881f6dd0efdcf2161  Trojan Downloader

LOGMAN.EXE size: 273408 bytes
LOGMAN.EXE hash: 00E5EA04C184368881F6DD0EFDCF2161

Created files:

%WinDir%\System\logman.exe
%WinDir%\System\lsm.exe
%AppData%\Microsoft\lsm.exe
%AppData%\wininit.exe
%Local AppData%\ieudinit.exe
%Temp%\Twain002.Mtx

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Logman: %WinDir%\System\logman.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsm service: %WinDir%\System\lsm.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudInit: %Local AppData%\ieudinit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsm service: %AppData%\Microsoft\lsm.exe

Detected by UnHackMe:

LOGMAN.EXE
Default location: %WinDir%\SYSTEM\LOGMAN.EXE

Dropper information:
MD5: 00e5ea04c184368881f6dd0efdcf2161
File size: 273408 bytes
