I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
NETHELP32.EXE – Trojan Graftor removal
| File | MD5 | Virus Alias |
|---|---|---|
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan Graftor |
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan SuspiciousFile |
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan Artemis |
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan XPACK |
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan Generic |
| NETHELP32.EXE | 78e4301b71d771b7ddd1346a6282d65e | Trojan Eldorado |
NETHELP32.EXE size: 626966 bytes
NETHELP32.EXE hash: 78E4301B71D771B7DDD1346A6282D65E
Created files:
%SysDir%\drivers\PCIDump.sys
%SysDir%\gyblack.lst
%SysDir%\lolcc.ss
%SysDir%\lolss.exe
%SysDir%\lolxcs.dll
%SysDir%\NetHelp32.exe
%SysDir%\RRsLol.exe
%SysDir%\WinHelp32.exe
%Temp%\bd.exe
%Temp%\L0L_Login.exe
%Temp%\LOLds.exe
%Temp%\LOL_Update.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\WS2IFSL\Type: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\Start: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\DisplayName: Windows Socket 2.0 Non-IFS Service Provider Support Environment
HKLM\System\CurrentControlSet\Services\WS2IFSL\ImagePath: \SystemRoot\System32\drivers\ws2ifsl.sys
Detected by UnHackMe:
NETHELP32.EXE
Default location: %SYSDIR%\NETHELP32.EXE
Dropper information:
MD5: d397c60c346a1aaf0814431df307f41a
File size: 1263616 bytes