PASSTHRU.SYS – Trojan Agent

PASSTHRU.SYS – Trojan Agent removal

File          MD5                               Virus Alias
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan Agent
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan SuspiciousFile
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan Generic
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan JboxGeneric
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan Jbox
PASSTHRU.SYS  f23e8927cc852084f6ebaf3c7290ac80  Trojan Scar

PASSTHRU.SYS size: 15360 bytes
PASSTHRU.SYS hash: F23E8927CC852084F6EBAF3C7290AC80

Created files:

C:\passthru.sys
%WinDir%\inf\passthru.sys
%SysDir%\Black.dll
%SysDir%\Drivers\diskflt.sys
%SysDir%\Drivers\passthru.sys
%SysDir%\wininitw.exe
%TEMP%\passthru.sys
%TEMP%\snetcfg.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\BITS\Fuck_Time: 1
HKLM\System\CurrentControlSet\Services\diskflt\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Type: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Tag: 0A000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Type: 10000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Start: 02000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \DisplayName: Windows Tfg ds789g speed tdl4
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \ImagePath: %WinDir%\System32\wininitw.exe
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Description: This is Wintesd fdde speed tdss

Detected by UnHackMe:

PASSTHRU.SYS
Default location: %SYSDIR%\DRIVERS\PASSTHRU.SYS

Dropper information:
MD5: a7877de54fccebc5c229f29597ac22ca
File size: 204800 bytes
