ROTDLLF.DLL – Trojan SuspiciousFile removal

ROTDLLF.DLL size: 729088 bytes
ROTDLLF.DLL hash: 9530AC3151D3E554E4AC57313078DA18

Created files:

%Program Files%\Fixed_Directory_Name\all.x
%Program Files%\Fixed_Directory_Name\bingo.x
%Program Files%\Fixed_Directory_Name\coin1.x
%Program Files%\Fixed_Directory_Name\coin10.x
%Program Files%\Fixed_Directory_Name\coin100.x
%Program Files%\Fixed_Directory_Name\coin1000.x
%Program Files%\Fixed_Directory_Name\coin100t.x
%Program Files%\Fixed_Directory_Name\coin10t.x
%Program Files%\Fixed_Directory_Name\coin2.x
%Program Files%\Fixed_Directory_Name\coin20.x
%Program Files%\Fixed_Directory_Name\coin200.x
%Program Files%\Fixed_Directory_Name\coin2000.x
%Program Files%\Fixed_Directory_Name\coin20t.x
%Program Files%\Fixed_Directory_Name\coin5.x
%Program Files%\Fixed_Directory_Name\coin50.x
%Program Files%\Fixed_Directory_Name\coin500.x
%Program Files%\Fixed_Directory_Name\coin5000.x
%Program Files%\Fixed_Directory_Name\coin50t.x
%Program Files%\Fixed_Directory_Name\desknum.x
%Program Files%\Fixed_Directory_Name\Music1.mid
%Program Files%\Fixed_Directory_Name\RotDllf.dll
%Program Files%\Fixed_Directory_Name\RotGame.exe
%Program Files%\Fixed_Directory_Name\star.x
%Program Files%\Fixed_Directory_Name\titleball.x
%TEMP%\svchost.exe
%TEMP%\???????????.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\scvhostp\Type: 10010000
HKLM\System\CurrentControlSet\Services\scvhostp\Start: 02000000
HKLM\System\CurrentControlSet\Services\scvhostp\DisplayName: scvhostp
HKLM\System\CurrentControlSet\Services\scvhostp\ImagePath: %TEMP%\svchost.exe -k

Detected by UnHackMe:

ROTDLLF.DLL
Default location: %PROGRAM FILES%\FIXED_DIRECTORY_NAME\ROTDLLF.DLL

Dropper information:
MD5: 5d611e2f836a782f9c4c4ed9b44822e5
File size: 3192832 bytes