Solved! Use TCPS.EXE (Trojan Artemis) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

TCPS.EXE – Trojan Artemis removal

FileMD5Virus Alias
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan Artemis
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan SuspiciousFile
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan Generic
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan Downloader
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan Siggen
TCPS.EXE 49c6eb718cfef87eb3965030809361c0 Trojan Banker

TCPS.EXE size: 40960 bytes
TCPS.EXE hash: 49C6EB718CFEF87EB3965030809361C0

Created files:

%SysDir%\drivers\disdn\CDial.dll
%SysDir%\drivers\disdn\iniuser1.exe
%SysDir%\drivers\disdn\ping.exe
%SysDir%\drivers\disdn\regeditfuwu.exe
%SysDir%\drivers\disdn\sql.exe
%SysDir%\drivers\disdn\svchost.exe
%SysDir%\drivers\disdn\tcps.exe
%SysDir%\drivers\disdn\uuid.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\RunAServces\Type: 10000000
HKLM\System\CurrentControlSet\Services\RunAServces\Start: 02000000
HKLM\System\CurrentControlSet\Services\RunAServces\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\RunAServces\DisplayName: Remote Procedure Call (RPC) Service
HKLM\System\CurrentControlSet\Services\RunAServces\ImagePath: %WinDir%\System32\drivers\disdn\svchost.exe -service

Detected by UnHackMe:

TCPS.EXE
Default location: %SYSDIR%\DRIVERS\DISDN\TCPS.EXE

Dropper information:
MD5: 2d12c6fc593e4f2f092a0c6c1ce925ce
File size: 1039020 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images