Solved! Use MESSENGER.EXE (Trojan Agent) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

MESSENGER.EXE – Trojan Agent removal

FileMD5Virus Alias
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan Agent
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan (Suspicious File)
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan Generic
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan NSIS
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan Downloader
MESSENGER.EXE 72a6d43a220aff3e2c3afc7ee86f5cad Trojan StartPage

MESSENGER.EXE size: 93761 bytes
MESSENGER.EXE hash: 72A6D43A220AFF3E2C3AFC7EE86F5CAD

Created files:

C:\messenger.exe
%Program Files Common%\Microsoft Shared\Web Components\messenger.exe
%SysDir%\drivers\rootrepeal.sys
%Temp%\hosts
%Temp%\RootRepeal.exe
%Temp%\svchost.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\messenger.exe: %Program Files Common%\Microsoft Shared\Web Components\messenger.exe
HKLM\System\CurrentControlSet\Services\rootrepeal\Type: 01000000
HKLM\System\CurrentControlSet\Services\rootrepeal\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\rootrepeal\Start: 03000000
HKLM\System\CurrentControlSet\Services\rootrepeal\ImagePath: \??\%WinDir%\System32\drivers\rootrepeal.sys

Detected by UnHackMe:

MESSENGER.EXE
Default location: %PROGRAM FILES COMMON%\MICROSOFT SHARED\WEB COMPONENTS\MESSENGER.EXE

Dropper information:
MD5: c5cebe57ec90a09a24db86bcb1bb32d3
File size: 707893 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images