Solved! Use PCIDUMP.SYS (Trojan Agent) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

PCIDUMP.SYS – Trojan Agent removal

File MD5 Virus Alias
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan Agent
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan SuspiciousFile
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan Lineage
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan Generic
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan Eldorado
PCIDUMP.SYS d058dd1757e857d2cf1afcadce95a521 Trojan Downloader

PCIDUMP.SYS size: 4352 bytes
PCIDUMP.SYS hash: D058DD1757E857D2CF1AFCADCE95A521

Created files:

%SysDir%\drivers\PCIDump.sys
%SysDir%\gyblack.lst
%SysDir%\lolcc.ss
%SysDir%\lolss.exe
%SysDir%\lolxcs.dll
%SysDir%\NetHelp32.exe
%SysDir%\RRsLol.exe
%SysDir%\WinHelp32.exe
%Temp%\bd.exe
%Temp%\L0L_Login.exe
%Temp%\LOLds.exe
%Temp%\LOL_Update.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\WS2IFSL\Type: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\Start: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\DisplayName: Windows Socket 2.0 Non-IFS Service Provider Support Environment
HKLM\System\CurrentControlSet\Services\WS2IFSL\ImagePath: \SystemRoot\System32\drivers\ws2ifsl.sys

Detected by UnHackMe:

PCIDUMP.SYS
Default location: %SYSDIR%\DRIVERS\PCIDUMP.SYS

Dropper information:
MD5: d397c60c346a1aaf0814431df307f41a
File size: 1263616 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images