Solved! Use RASAPI32.DLL.BAK1 (Trojan Artemis) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

RASAPI32.DLL.BAK1 – Trojan Artemis removal

FileMD5Virus Alias
RASAPI32.DLL.BAK1 81a0a7f41f2a06f74c2323b0db964fd5 Trojan Artemis
RASAPI32.DLL.BAK1 81a0a7f41f2a06f74c2323b0db964fd5 Trojan, Suspicious File
RASAPI32.DLL.BAK1 81a0a7f41f2a06f74c2323b0db964fd5 Trojan Eldorado
RASAPI32.DLL.BAK1 81a0a7f41f2a06f74c2323b0db964fd5 Trojan OnLineGames
RASAPI32.DLL.BAK1 81a0a7f41f2a06f74c2323b0db964fd5 Trojan Agent

RASAPI32.DLL.BAK1 size: 237568 bytes
RASAPI32.DLL.BAK1 hash: 81A0A7F41F2A06F74C2323B0DB964FD5

Created files:

%SysDir%\dllcache\rasapi32.dll.gaga
%SysDir%\e0x2.dll
%SysDir%\e4882184.e48
%SysDir%\edclient.exe
%SysDir%\rasapi32.dll.bak
%SysDir%\rasapi32.dll.bak1
%SysDir%\secposs.exe
%SysDir%\shedowfiter.exe
%SysDir%\vstaroge.exe
%SysDir%\wloadclient.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\54rk: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0073006800650064006F007700660069007400650072002E006500780065000000AC202E002400000000000000DC007300B8000000DC0073004800FB00120000000600000000000000AE002C0018207C00E4002C0018207C0051002D0018207C0058002D0018207C0046000000000000001000020000000000080002000000000000000000000000007000FB00120000000000D000FD007F00E000FB001200000000000000000000004000C00014000000FF00FF00FF00FF0058002D0018207C00000000001400000001000000000000000000000014000000A000F900120000000400010000000000B000FF0012000000100000000100000042000000000000001800FB00120000000000000000000000B000FF00120000000000E90090007C004000000018207C00FF00FF00FF00FF003D00000018207C005201040018207C00000000001400000000000000000000007000C10014000000F800FB00120000006200040018207C007000C10014000000A000F700C50077005800FE00120000004E006200C40077001800FC00120000007D006200C40077005800FE0012000000A80070004000000000000000000000000000000000000000C000FF001200000051005400400000005800FE0012000000A800700040000000

Detected by UnHackMe:

RASAPI32.DLL.BAK1
Default location: %SYSDIR%\RASAPI32.DLL.BAK1

Dropper information:
MD5: 7e1e091cf0f39b90a56e1ba21aa1ae87
File size: 348160 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images