I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
LZECKZHL.EXE – Trojan Crypt removal
File | MD5 | Virus Alias |
---|---|---|
LZECKZHL.EXE | 623f4fedaafa0fd648825a0d7a942597 | Trojan Crypt |
LZECKZHL.EXE | 623f4fedaafa0fd648825a0d7a942597 | Trojan Agent |
LZECKZHL.EXE size: 57856 bytes
LZECKZHL.EXE hash: 623F4FEDAAFA0FD648825A0D7A942597
Created files:
%Program Files Common%\Apple\Apple Application Support\WebKit.resources\inspector\lrrnsexs.exe
%Program Files Common%\System\ado\nhwelhke.exe
%Program Files%\NetMeeting\cbtrlewk.exe
%Program Files%\Safari\Safari.resources\bnczzbkn.exe
%Program Files%\Safari\Safari.resources\bnwttkbs.exe
%Program Files%\Safari\Safari.resources\brqcshec.exe
%Program Files%\Safari\Safari.resources\bwelbjvw.exe
%Program Files%\Safari\Safari.resources\Help\en.lproj\ttnjlehz.exe
%Program Files%\Safari\Safari.resources\Help\es.lproj\ljnbtzbn.exe
%Program Files%\Safari\Safari.resources\Help\it.lproj\xjhjbjtb.exe
%Program Files%\Safari\Safari.resources\Help\ja.lproj\lqzthjve.exe
%Program Files%\Safari\Safari.resources\Help\ko.lproj\rrcjscsc.exe
%Program Files%\Safari\Safari.resources\Help\nb.lproj\ereltzsj.exe
%Program Files%\Safari\Safari.resources\Help\nb.lproj\wkhlkvhc.exe
%Program Files%\Safari\Safari.resources\Help\nl.lproj\sqrhhehr.exe
%Program Files%\Safari\Safari.resources\Help\pt.lproj\qwbhkzhz.exe
%Program Files%\Safari\Safari.resources\Help\pt_PT.lproj\tkrljwlq.exe
%Program Files%\Safari\Safari.resources\Help\ru.lproj\brelkjqh.exe
%Program Files%\Safari\Safari.resources\Help\zh_CN.lproj\cwssrnkn.exe
%Program Files%\Safari\Safari.resources\Help\zh_CN.lproj\xbhssqjl.exe
%Program Files%\Safari\Safari.resources\hjzrrstb.exe
%Program Files%\Safari\Safari.resources\hsrxllws.exe
%Program Files%\Safari\Safari.resources\kejsevlj.exe
%Program Files%\Safari\Safari.resources\lkshvksz.exe
%Program Files%\Safari\Safari.resources\lkxekbkn.exe
%Program Files%\Safari\Safari.resources\lrnjbjws.exe
%Program Files%\Safari\Safari.resources\lzeckzhl.exe
%Program Files%\Safari\Safari.resources\nbbssehh.exe
%Program Files%\Safari\Safari.resources\ncqjlwlx.exe
%Program Files%\Safari\Safari.resources\nnesvett.exe
%Program Files%\Safari\Safari.resources\ntlzchhl.exe
%Program Files%\Safari\Safari.resources\nttlcrsv.exe
%Program Files%\Safari\Safari.resources\nxvzernr.exe
%Program Files%\Safari\Safari.resources\rjnjstej.exe
%Program Files%\Safari\Safari.resources\rxnrnlzc.exe
%Program Files%\Safari\Safari.resources\sbqkbcev.exe
%Program Files%\Safari\Safari.resources\SnippetEditor\kerwnckt.exe
%Program Files%\Safari\Safari.resources\tebvkjxn.exe
%Program Files%\Safari\Safari.resources\texqsbsk.exe
%Program Files%\Safari\Safari.resources\tjjbkwre.exe
%Program Files%\Safari\Safari.resources\tqssslhl.exe
%Program Files%\Safari\Safari.resources\trkebnhc.exe
%Program Files%\Safari\Safari.resources\ttbejntt.exe
%Program Files%\Safari\Safari.resources\vhxjxhrx.exe
%Program Files%\Safari\Safari.resources\ztqhlxnt.exe
%WinDir%\Help\ebhjntcl.exe
%WinDir%\Help\jltrernb.exe
%WinDir%\Help\senkevrn.exe
%WinDir%\Help\Tours\htmlTour\bjtckbnv.exe
%WinDir%\Help\Tours\htmlTour\bteesksk.exe
%WinDir%\Help\Tours\htmlTour\btkhnskj.exe
%WinDir%\Help\Tours\htmlTour\cknsevjc.exe
%WinDir%\Help\Tours\htmlTour\ejnnwhkv.exe
%WinDir%\Help\Tours\htmlTour\ekvehkkr.exe
%WinDir%\Help\Tours\htmlTour\elnqhjhe.exe
%WinDir%\Help\Tours\htmlTour\eresszbw.exe
%WinDir%\Help\Tours\htmlTour\heewexxj.exe
%WinDir%\Help\Tours\htmlTour\hnhbjljj.exe
%WinDir%\Help\Tours\htmlTour\jbwlzbjq.exe
%WinDir%\Help\Tours\htmlTour\jvbbzkve.exe
%WinDir%\Help\Tours\htmlTour\kexhnbrn.exe
%WinDir%\Help\Tours\htmlTour\lbkhesre.exe
%WinDir%\Help\Tours\htmlTour\nwnlnqlt.exe
%WinDir%\Help\Tours\htmlTour\rlnlncbn.exe
%WinDir%\Help\Tours\htmlTour\rzsbnlen.exe
%WinDir%\Help\Tours\htmlTour\sllhjkzl.exe
%WinDir%\Help\Tours\htmlTour\svnbntxj.exe
%WinDir%\Help\Tours\htmlTour\sxwkhwcz.exe
%WinDir%\Help\Tours\htmlTour\thbzcqsr.exe
%WinDir%\Help\Tours\htmlTour\tnqkrbsh.exe
%WinDir%\Help\Tours\htmlTour\tqbhxkqj.exe
%WinDir%\Help\Tours\htmlTour\vrqhjjrh.exe
%WinDir%\Help\Tours\htmlTour\zxjbnlnz.exe
%WinDir%\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
%WinDir%\Help\Tours\WindowsMediaPlayer\Cnt\hrjbkzjr.exe
%WinDir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe
%WinDir%\pchealth\helpctr\System\CompatCtr\jbnxjtkn.exe
%WinDir%\pchealth\helpctr\System\CompatCtr\tnslrrhk.exe
%WinDir%\pchealth\helpctr\System\CompatCtr\zlhqrlbx.exe
%WinDir%\pchealth\helpctr\System\DFS\jlejjblt.exe
%WinDir%\pchealth\helpctr\System\DFS\jnxckxkh.exe
%WinDir%\pchealth\helpctr\System\DFS\nbzhnzrx.exe
%WinDir%\pchealth\helpctr\System\panels\nntlskwn.exe
%WinDir%\pchealth\helpctr\System\panels\sncncweb.exe
%WinDir%\pchealth\helpctr\System\Remote Assistance\rzqstbqq.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hrnjeckt.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\hrnjeckt.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\vxwqhwzs.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\hrnjeckt.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\vxwqhwzs.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Common\helchwrq.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\qhknnnjv.exe
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Windows Component Publisher,L=Redmond,S=Washington,C=US\Remote Assistance\helchwrq.exe
%SysDir%\oobe\html\dslmain\erzznbjl.exe
%SysDir%\oobe\html\dslmain\hbxcxbwx.exe
%SysDir%\oobe\html\dslmain\rlreernv.exe
%SysDir%\oobe\html\isptype\lnvlnzbq.exe
%SysDir%\oobe\icserror\vcejlxkt.exe
%SysDir%\oobe\icserror\wjlnrwtw.exe
%SysDir%\oobe\nhbvqlkw.exe
%SysDir%\oobe\njhnwhbj.exe
%SysDir%\oobe\qjeejeej.exe
%SysDir%\oobe\setup\bknkjheh.exe
%SysDir%\oobe\setup\bvqncler.exe
%SysDir%\oobe\setup\crjrhltv.exe
%SysDir%\oobe\setup\elrbjlrn.exe
%SysDir%\oobe\setup\enbsjwre.exe
%SysDir%\oobe\setup\esjhxblq.exe
%SysDir%\oobe\setup\eskcxkhr.exe
%SysDir%\oobe\setup\hlqstwxz.exe
%SysDir%\oobe\setup\hnhkkene.exe
%SysDir%\oobe\setup\hwncrnhh.exe
%SysDir%\oobe\setup\hxckwnzl.exe
%SysDir%\oobe\setup\hxxttskn.exe
%SysDir%\oobe\setup\jejrhnvh.exe
%SysDir%\oobe\setup\jtxsbxwn.exe
%SysDir%\oobe\setup\kjqkxtnz.exe
%SysDir%\oobe\setup\kksksesr.exe
%SysDir%\oobe\setup\knkhrczb.exe
%SysDir%\oobe\setup\lhkhbjzl.exe
%SysDir%\oobe\setup\lkjtrhks.exe
%SysDir%\oobe\setup\lnestrnt.exe
%SysDir%\oobe\setup\nkhlvlzt.exe
%SysDir%\oobe\setup\nleevxqj.exe
%SysDir%\oobe\setup\nstnnnkk.exe
%SysDir%\oobe\setup\ntwbjnxv.exe
%SysDir%\oobe\setup\nvbbshss.exe
%SysDir%\oobe\setup\nwqjkkhn.exe
%SysDir%\oobe\setup\rresnsct.exe
%SysDir%\oobe\setup\rserkten.exe
%SysDir%\oobe\setup\sejkhevn.exe
%SysDir%\oobe\setup\seqtjbee.exe
%SysDir%\oobe\setup\shbqjhcl.exe
%SysDir%\oobe\setup\tnqsbljb.exe
%SysDir%\oobe\setup\tqkbrhnx.exe
%SysDir%\oobe\setup\tthzxntk.exe
%SysDir%\oobe\setup\vjbssbhj.exe
%SysDir%\oobe\setup\vkckxhbn.exe
%SysDir%\oobe\setup\wnklretl.exe
%SysDir%\oobe\setup\wrbbnjss.exe
%SysDir%\oobe\setup\wtenslnj.exe
%SysDir%\oobe\setup\zeblsxxw.exe
%SysDir%\oobe\setup\zhhrrltb.exe
%SysDir%\oobe\setup\zhzsnhje.exe
%SysDir%\oobe\setup\znnhhhtk.exe
%SysDir%\oobe\tttnwshl.exe
%SysDir%\urdvxc.exe
%WinDir%\Web\wxelrczk.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\MSWindows\Type: 10010000
HKLM\System\CurrentControlSet\Services\MSWindows\Start: 02000000
HKLM\System\CurrentControlSet\Services\MSWindows\DisplayName: Network Windows Service
HKLM\System\CurrentControlSet\Services\MSWindows\ImagePath: “%WinDir%\System32\urdvxc.exe” /service
Detected by UnHackMe:
LZECKZHL.EXE
Default location: %PROGRAM FILES%\SAFARI\SAFARI.RESOURCES\LZECKZHL.EXE
Dropper information:
MD5: 10a5dd39944fb8a93f561180db041979
File size: 57856 bytes