TEMP1.EXE – Trojan Magania

TEMP1.EXE – Trojan Magania removal

File       MD5                               Virus Alias
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Magania
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan SuspiciousFile
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Eldorado
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Downloader
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Siggen
TEMP1.EXE  b82e75376afdb3e0bb092f4fca53e4b9  Trojan Agent

TEMP1.EXE size: 137216 bytes
TEMP1.EXE hash: B82E75376AFDB3E0BB092F4FCA53E4B9

Created files:

C:\2777100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\TespayServer.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\TespayServer.exe

Detected by UnHackMe:

TEMP1.EXE
Default location: %TEMP%\TEMP1.EXE

Dropper information:
MD5: 288a5cc1a2c387f8f28969df45fc0d30
File size: 456720 bytes
