TESPAYSERVER.EXE – Trojan Artemis


TESPAYSERVER.EXE – Trojan Artemis removal

File              MD5                               Virus Alias
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Trojan Artemis
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Trojan SuspiciousFile
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Backdoor RBot
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Trojan Downloader
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Trojan CI
TESPAYSERVER.EXE  0491cb42a3463ad7a2081903a9cf945c  Trojan Graftor

TESPAYSERVER.EXE size: 16384 bytes
TESPAYSERVER.EXE hash: 0491CB42A3463AD7A2081903A9CF945C

Created files:

C:\2777100.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\Tasks\TespayServer.exe
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
C:\windows\temp\temp4.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\Tasks\TespayServer.exe

Detected by UnHackMe:

TESPAYSERVER.EXE
Default location: %WinDir%\TASKS\TESPAYSERVER.EXE

Dropper information:
MD5: 288a5cc1a2c387f8f28969df45fc0d30
File size: 456720 bytes
