TASKHOST.EXE – Trojan Downloader removal

TASKHOST.EXE size: 106496 bytes
TASKHOST.EXE hash: E38E157BF381DA7B7DBC5FAC23B1DD92

Created files:

%Program Files%\QQNews\QQNews.exe
%WinDir%\conime\iexplorer.exe
%WinDir%\conime\SSDT01.sys
%WinDir%\Cursors\taskhost.exe
%WinDir%\kahiekjd.exe
%WinDir%\nabloskf.exe
%WinDir%\nlvabhdfj.exe
%WinDir%\pkablfn.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\S\Type: 01000000
HKLM\System\CurrentControlSet\Services\S\Start: 03000000
HKLM\System\CurrentControlSet\Services\S\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\S\DisplayName: S
HKLM\System\CurrentControlSet\Services\S\ImagePath: %WinDir%\conime\SSDT01.sys
HKLM\System\CurrentControlSet\Services\Schedulo\Type: 10010000
HKLM\System\CurrentControlSet\Services\Schedulo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Schedulo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Schedulo\DisplayName: Schedulo
HKLM\System\CurrentControlSet\Services\Schedulo\ImagePath: C:\Windows\Cursors\taskhost.exe Star
HKLM\System\CurrentControlSet\Services\Schedulo\ObjectName: LocalSystem
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: “%Program Files%\QQNews\QQNews.exe” /r 
-Software\Microsoft\Wind

Detected by UnHackMe:

TASKHOST.EXE
Default location: %WinDir%\CURSORS\TASKHOST.EXE

Dropper information:
MD5: b4b3d3eab53d220935fdf16504d9bd05
File size: 1862493 bytes