I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
TPNHLX.EXE – Trojan QQPass removal
| File | MD5 | Virus Alias |
|---|---|---|
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan QQPass |
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan SuspiciousFile |
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan Generic |
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan Hllw |
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan DNAScan |
| TPNHLX.EXE | f354383b9fc2ecb14ed4431466c1e489 | Trojan Small |
TPNHLX.EXE size: 475014 bytes
TPNHLX.EXE hash: F354383B9FC2ECB14ED4431466C1E489
Created files:
C:\Documents and Settings\DJOJ.EXE
C:\Documents and Settings\svchost.exe
C:\filedebug
C:\HYZ.EXE
C:\QOO.EXE
C:\System Volume Information\ctfmon.exe
C:\System Volume Information\IIOBMJQ.EXE
%SysDir%\Ms7002.dll
%SysDir%\TPNHLX.EXE
Autostart registry keys:
HKLM\Software\Classes\CLSID\{7CD4138D-4147-420B-9749-00A13B526785}\InprocServer32 : %WinDir%\System32\Ms7002.dll
HKLM\Software\Classes\txtfile\shell\open\command : C:\.\HYZ.EXE %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TXJSXR.EXE: C:\System Volume Information\ctfmon.exe
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Type: 10010000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Start: 02000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\DisplayName: NKMMTY.EXE
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ImagePath: C:\Sandboxie\NKMMTY.EXE
Detected by UnHackMe:
TPNHLX.EXE
Default location: %SYSDIR%\TPNHLX.EXE
Dropper information:
MD5: 040c03113ba08997e90a59075dcd9851
File size: 474665 bytes