Trojan Agent – gei33.dll – f25ac9674c10ceb7ffcd16b45a268dd7

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Agent
SHA256: a983a301d0ed316d9dabefd3da4fa0450e88042e526337bd1c1a817074785dcf
SHA1: eb2b3c1b934e0fbd0e00dabeb162e05854cf4e44
MD5: f25ac9674c10ceb7ffcd16b45a268dd7
File size: 271360 bytes

Created files:

%SysDir%\gei33.dll – Trojan Agent
%SysDir%\kssesc.exe – Trojan Agent
%WinDir%\TEMP\ReInstall.exe – Trojan Agent
%WinDir%\TEMP\wowsub.sys – Trojan Agent
%Temp%\ReInstall.exe – Trojan Agent

Trojan Agent created autostart registry keys:

HKLM\System\CurrentControlSet\Services\bits\SBIE_StartTicks: 7BAB2400
HKLM\System\CurrentControlSet\Services\bits\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvred\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvred\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvred\DisplayName: NT LM Security Support Profviders
HKLM\System\CurrentControlSet\Services\netscvred\ImagePath: %WinDir%\System32\kssesc.exe
HKLM\System\CurrentControlSet\Services\netscvred\Description: NT LM Security Support Profviders
HKLM\System\CurrentControlSet\Services\wowsub\Type: 01000000
HKLM\System\CurrentControlSet\Services\wowsub\Start: 03000000
HKLM\System\CurrentControlSet\Services\wowsub\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\wowsub\DisplayName: wowsub
HKLM\System\CurrentControlSet\Services\wowsub\ImagePath: %WinDir%\TEMP\wowsub.sys

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images