I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
TEMP1.EXE – Trojan Magania removal
File | MD5 | Virus Alias |
---|---|---|
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan Magania |
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan SuspiciousFile |
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan Eldorado |
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan Downloader |
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan Siggen |
TEMP1.EXE | b82e75376afdb3e0bb092f4fca53e4b9 | Trojan Agent |
TEMP1.EXE size: 137216 bytes
TEMP1.EXE hash: B82E75376AFDB3E0BB092F4FCA53E4B9
Created files:
C:\1851700.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\System\CurrentControlSet\Services\420a0a1f\Type: 01000000
HKLM\System\CurrentControlSet\Services\420a0a1f\Start: 02000000
HKLM\System\CurrentControlSet\Services\420a0a1f\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\420a0a1f\DisplayName: 420a0a1f
HKLM\System\CurrentControlSet\Services\420a0a1f\ImagePath: 5C003F003F005C0043003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00340032003000610030006100310066002E007300790073000000
HKLM\System\CurrentControlSet\Services\420a0a1f\ProcessID: 50110000
HKLM\System\CurrentControlSet\Services\neverdeath\Type: 01000000
HKLM\System\CurrentControlSet\Services\neverdeath\Start: 02000000
HKLM\System\CurrentControlSet\Services\neverdeath\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\neverdeath\DisplayName: neverdeath
HKLM\System\CurrentControlSet\Services\neverdeath\ImagePath: 5C003F003F005C0043003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C0078007000560033003000300031002E007300790073000000
HKLM\System\CurrentControlSet\Services\neverdeath\ProcessID: 50110000
HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath: 43003A005C0031003800350031003700300030002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\RpcSvc\Type: 10010000
HKLM\System\CurrentControlSet\Services\RpcSvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\RpcSvc\DisplayName: Remote Procedure Call (RPC) Service
HKLM\System\CurrentControlSet\Services\RpcSvc\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc
Detected by UnHackMe:
TEMP1.EXE
Default location: %TEMP%\TEMP1.EXE
Dropper information:
MD5: ca33e1826f8d03ed2c11fba563ca3bbb
File size: 4207 bytes