SHELL32.COM – Trojan Otran

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SHELL32.COM – Trojan Otran removal

File MD5 Virus Alias
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Trojan Otran
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Trojan VBTrojan
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Trojan SuspiciousFile
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Trojan Generic
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Trojan Downloader
SHELL32.COM 0c9e5b4a9ac09ed40753215546cf6200 Worm Autorun

SHELL32.COM size: 331264 bytes
SHELL32.COM hash: 0C9E5B4A9AC09ED40753215546CF6200

Created files:

C:\Photo-XXX.exe
%SysDir%\4K51K4.exe
%SysDir%\GoldenGhost.exe
%SysDir%\K0L4B0R451.exe
%SysDir%\Kantuk.exe
%SysDir%\Shell32.com
%SysDir%\~A~m~B~u~R~a~D~u~L~\winlogon.exe
C:\WINFILE.exe
%Common Startmenu%\Programs\Startup\Empty.pif

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon: %WinDir%\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe “%WinDir%\System32\K0L4B0R451.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\K0L4B0R451.exe
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: %WinDir%\System32\Windows_3D.scr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Revenger: %WinDir%\System32\K0L4B0R451.exe

Detected by UnHackMe:

SHELL32.COM
Default location: %SYSDIR%\SHELL32.COM

Dropper information:
MD5: 0c9e5b4a9ac09ed40753215546cf6200
File size: 331264 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images