I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
Trojan Agent
Also known as: Trojan CI, Trojan Siggen
SHA256: db66006b336e533dd2219e07bcfa0d828ff5bb60c203a600d00930f29ae0f5df
SHA1: 73d6437370f7160903f6a53f8f63a0db1c2a2097
MD5: 8b094057807da32591c596189c127d02
File size: 774144 bytes
Created files:
C:\Windows\System32\Dowire\021.exe – Trojan Agent
C:\Windows\System32\Dowire\851.exe – Trojan Agent
C:\Windows\System32\Dowire\NPOP.EXE – Trojan Agent
C:\Windows\System32\Dowire\s6.exe – Trojan Agent
C:\Windows\System32\Dowire\s9.exe – Trojan Agent
C:\Windows\System32\DOWIRE.sys – Trojan Agent
C:\Windows\System32\iexplorer.exe – Trojan Agent
C:\Windows\System32\SSDT01.sys – Trojan Agent
%Temp%\10001.exe – Trojan Agent
%Temp%\6003.exe – Trojan Agent
%Temp%\baidu.exe – Trojan Agent
%Temp%\jiandan5.exe – Trojan Agent
%Temp%\KINSTALLERS_41_6101290.exe – Trojan Agent
Trojan Agent created autostart registry keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%Temp%\10001.exe,
HKLM\System\CurrentControlSet\Services\DOWIRE\Type: 01000000
HKLM\System\CurrentControlSet\Services\DOWIRE\Start: 03000000
HKLM\System\CurrentControlSet\Services\DOWIRE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\DOWIRE\DisplayName: DOWIRE
HKLM\System\CurrentControlSet\Services\DOWIRE\ImagePath: C:\Windows\System32\DOWIRE.sys
HKLM\System\CurrentControlSet\Services\S\Type: 01000000
HKLM\System\CurrentControlSet\Services\S\Start: 03000000
HKLM\System\CurrentControlSet\Services\S\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\S\DisplayName: S
HKLM\System\CurrentControlSet\Services\S\ImagePath: %WinDir%\System32\SSDT01.sys
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %Temp%\10001.exe