MAY BE SMANSA WAS WONDERFUL PLACE TO US.SCR – Trojan Agent removal

MAY BE SMANSA WAS WONDERFUL PLACE TO US.SCR size: 616885 bytes
MAY BE SMANSA WAS WONDERFUL PLACE TO US.SCR hash: 7D1F6D38167F039ADDD64D89B8D9B723

Created files:

C:\Penylethylamine.scr
%Program Files Common%\Aliciana.Alisa
%Program Files Common%\Emira.Emma
%Program Files%\Irma Triana.scr
%Program Files%\I_Miss_U_MyPrincess.scr
%Program Files%\May be Smansa was wonderful place to us.scr
%Program Files%\Your_Prince_Will_Be_Waiting_For_You.scr
C:\Renova.htt
%WinDir%\services.exe
%SysDir%\3IPA2.SMANSA.PKP.exe
%SysDir%\jd.exe
C:\Xenova.scr
%AppData%\Mr_CF\Renova_Join_Mr_CoolFace.htt
%Desktop%\Message For My Princess.scr
%UserProfile%\Local Settings\AKGNAB_UALUP.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Alumni_Smoensa_Pangkalpinang: Mr_CoolFaceDid You Miss Me… My PrincessThe Prince is Asking a QuestionIrma Trianainf4D2.tmp
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My_Old_Class: 3IPA2.SMANSA.PKP.exeAlumni_Smoensa_Pangkalpinang\3IPA2.SMANSA.PKP.exeWindowsSecurityServ
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsSecurityService: %WinDir%\services.exe2.SMANSA.PKP.exe9b8d9b723.EXE|X- |l?p????U???
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: MR_COO~1.SCR

Detected by UnHackMe:

MAY BE SMANSA WAS WONDERFUL PLACE TO US.SCR
Default location: %PROGRAM FILES%\MAY BE SMANSA WAS WONDERFUL PLACE TO US.SCR

Dropper information:
MD5: 7d1f6d38167f039addd64d89b8d9b723
File size: 616885 bytes