Trojan Agent – Anfad.sys – 2c8e389c449f2165f654ff7e114c88d0

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Agent
SHA256: 1fa761ca8060431312c815586447165ebaa35ff2653d70565949a0409bd43a9e
SHA1: ab3a70bb7621c815acce7dd1d69a94acf0dec685
MD5: 2c8e389c449f2165f654ff7e114c88d0
File size: 143360 bytes

Created files:

%Program Files%\SearchNet\Anfad.sys – Trojan Agent
%Program Files%\SearchNet\FAD.inf – Trojan Agent
%Program Files%\SearchNet\FAD.sys – Trojan Agent
%Program Files%\SearchNet\SearchNet.exe – Trojan Agent
%Program Files%\SearchNet\ServeHost.exe – Trojan Agent
%Program Files%\SearchNet\ServeUp.exe – Trojan Agent
%Program Files%\SearchNet\SrvNet32.dll – Trojan Agent
%Program Files%\SearchNet\UnInstall.exe – Trojan Agent
%Program Files%\ZSXZ\UnInstall.exe – Trojan Agent
%SysDir%\drivers\Anfad.sys – Trojan Agent
%SysDir%\drivers\FAD.sys – Trojan Agent
%SysDir%\ServeHost.exe – Trojan Agent

Trojan Agent created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchNet_Up: “%Program Files%\SearchNet\ServeUp.exe”
HKLM\System\CurrentControlSet\Services\Anfad\Type: 01000000
HKLM\System\CurrentControlSet\Services\Anfad\Start: 01000000
HKLM\System\CurrentControlSet\Services\Anfad\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Anfad\DisplayName: Anfad
HKLM\System\CurrentControlSet\Services\Anfad\ImagePath: System32\drivers\Anfad.sys
HKLM\System\CurrentControlSet\Services\EventLog\Application\Remote Log\EventMessageFile: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C005300650072007600650048006F00730074002E006500780065000000
HKLM\System\CurrentControlSet\Services\EventLog\Application\Remote Log\TypesSupported: 07000000
HKLM\System\CurrentControlSet\Services\FAD\Type: 02000000
HKLM\System\CurrentControlSet\Services\FAD\Start: 01000000
HKLM\System\CurrentControlSet\Services\FAD\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\FAD\DisplayName: FAD
HKLM\System\CurrentControlSet\Services\FAD\ImagePath: System32\DRIVERS\FAD.sys
HKLM\System\CurrentControlSet\Services\FAD\MaxRecords: F4010000
HKLM\System\CurrentControlSet\Services\FAD\MaxNames: F4010000
HKLM\System\CurrentControlSet\Services\FAD\AttachMode: 02000000
HKLM\System\CurrentControlSet\Services\Remote Log\Description: ????????????????????????????·???????LOG???????????????????ã??????????????????????????
HKLM\System\CurrentControlSet\Services\Remote Log\Type: 10010000
HKLM\System\CurrentControlSet\Services\Remote Log\Start: 02000000
HKLM\System\CurrentControlSet\Services\Remote Log\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Remote Log\DisplayName: Remote Log
HKLM\System\CurrentControlSet\Services\Remote Log\ImagePath: %WinDir%\System32\ServeHost.exe

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images