REG.EXE – Trojan Adload

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

REG.EXE – Trojan Adload removal

FileMD5Virus Alias
REG.EXE 78432c25058e1d807f20a01a66e9c1f4 Trojan Adload
REG.EXE 78432c25058e1d807f20a01a66e9c1f4 Trojan SuspiciousFile
REG.EXE 78432c25058e1d807f20a01a66e9c1f4 Trojan Downloader
REG.EXE 78432c25058e1d807f20a01a66e9c1f4 Trojan Agent

REG.EXE size: 24576 bytes
REG.EXE hash: 78432C25058E1D807F20A01A66E9C1F4

Created files:

%Program Files%\Explorer\ES2.dll
%Program Files%\Explorer\Explorer.exe
%SysDir%\es2.dll
%SysDir%\MsServices\MsService.dll
%SysDir%\MsServices\OldUnReg.dll
%SysDir%\MsServices\Reg.exe
%SysDir%\MsServices\svchost.dll
%SysDir%\MsServices\unreg1.dll
%TEMP%\cj.exe
%TEMP%\cj1.exe
%TEMP%\service_lina_ruanzhong1.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\MessageService\Type: 10000000
HKLM\System\CurrentControlSet\Services\MessageService\Start: 02000000
HKLM\System\CurrentControlSet\Services\MessageService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MessageService\DisplayName: MessageService
HKLM\System\CurrentControlSet\Services\MessageService\ImagePath: %WinDir%\System32\Svchost.exe -k MessageService
HKLM\System\CurrentControlSet\Services\MessageService\Description: ???????????????????,????????????????????,??????????????????????????????????????
HKLM\System\CurrentControlSet\Services\MessageService\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004D007300530065007200760069006300650073005C0073007600630068006F00730074002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Type: 10010000
HKLM\System\CurrentControlSet\Services\TrkWsk\Start: 02000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\TrkWsk\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600730063000000
HKLM\System\CurrentControlSet\Services\TrkWsk\DisplayName: Distributed Link Tracking Server
HKLM\System\CurrentControlSet\Services\TrkWsk\Group: netsvsc
HKLM\System\CurrentControlSet\Services\TrkWsk\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\TrkWsk\Description: ????? NTFS ?????????????????????????
HKLM\System\CurrentControlSet\Services\TrkWsk\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C004500530032002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TrkWsk\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

Detected by UnHackMe:

REG.EXE
Default location: %SYSDIR%\MSSERVICES\REG.EXE

Dropper information:
MD5: 088cb5a2d53e93b5493d6070abc9e2c5
File size: 294569 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images