SVCH0ST.EXE – Trojan AVKill

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SVCH0ST.EXE – Trojan AVKill removal

File Virus Alias
SVCH0ST.EXE Trojan AVKill
SVCH0ST.EXE Trojan Small
SVCH0ST.EXE Trojan Crypt
SVCH0ST.EXE Trojan Agent

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe – Trojan AVKill
%WinDir%\system\wincirl.com – Trojan AVKill
%SysDir%\SVCH0ST.EXE – Trojan AVKill
%Common Startmenu%\Programs\Startup\ .exe – Trojan AVKill
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe – Trojan AVKill
%Favorites%\Links\www.test.com – Trojan AVKill
%Temp%\TEST.EXE – Trojan AVKill
%Startup%\ .exe – Trojan AVKill

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com

Detected by UnHackMe:

SVCH0ST.EXE
Default location: %SysDir%\SVCH0ST.EXE

Dropper information:
SHA256: 3f243a1ee5e83e81bd1577971e66e9e16cdec1e08357ffbaa921e1cfb4a79376
SHA1: dc1584bcb5ceacbeb3143c961a01adc96011ce8a
MD5: 13222dbbfaf00c46124b43e9067a009d
File size: 47340 bytes

Leave a Reply