TEMP2.EXE – Trojan Artemis

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

TEMP2.EXE – Trojan Artemis removal

FileMD5Virus Alias
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan Artemis
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan SuspiciousFile
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan XPACK
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan Generic
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan Click
TEMP2.EXE 889cc16c792e21aefb75c738a58b3ff6 Trojan Eldorado

TEMP2.EXE size: 29184 bytes
TEMP2.EXE hash: 889CC16C792E21AEFB75C738A58B3FF6

Created files:

C:\1289100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\csrss.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\csrss.exe?, |Q- |X- |2?`?Detected by UnHackMe:

TEMP2.EXE
Default location: %TEMP%\TEMP2.EXE

Dropper information:
MD5: 0061ab968be10a5fdec3098f6289ec02
File size: 452624 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images