Solved! Use SVCHOST.EXE (Trojan Downloader) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SVCHOST.EXE – Trojan Downloader removal

File MD5 Virus Alias
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Downloader
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Generic
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Click
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Genome
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Agent
SVCHOST.EXE 77b5e81083fc7c3dfe9424c2c452e54d Trojan Small

SVCHOST.EXE size: 25465 bytes
SVCHOST.EXE hash: 77B5E81083FC7C3DFE9424C2C452E54D

Created files:

%WinDir%\ctfmon.exe
%WinDir%\Drv12\svchost.exe
%WinDir%\RLT6987\services.exe
%AppData%\Opera\Opera\operaprefs.-ni
%Local AppData%\Google\Chrome\User Data\Default\Preferen-es
%Temp%\md.exe
%Temp%\tmpt.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UI: %WinDir%\ctfmon.exe
HKLM\System\CurrentControlSet\Services\RLN06523\Type: 10000000
HKLM\System\CurrentControlSet\Services\RLN06523\Start: 02000000
HKLM\System\CurrentControlSet\Services\RLN06523\DisplayName: RLN06523
HKLM\System\CurrentControlSet\Services\RLN06523\ImagePath: %WinDir%\RLT6987\services.exe

Detected by UnHackMe:

SVCHOST.EXE
Default location: %WinDir%\DRV12\SVCHOST.EXE

Dropper information:
MD5: a0ec79a1587fe03d97e507cdddef47ed
File size: 976396 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images