Trojan Crypt – spools.exe – 0beafcc278e6d2c16008fe25f4c74f0a

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Crypt
Also known as: Worm Autorun, Trojan CI
SHA256: 0233112b21b553a82d65ce6e38c01f39061a6f40cd2975623efbae31aca0c1bf
SHA1: 1582407ef4064946570dd6ea9bef17b2827b99c7
MD5: 0beafcc278e6d2c16008fe25f4c74f0a
File size: 220083 bytes

Created files:

%SysDir%\drivers\spools.exe – Trojan Crypt
%UserProfile%\cftmon.exe – Trojan Crypt

Trojan Crypt created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %UserProfile%\cftmon.exe
HKLM\System\CurrentControlSet\Services\Schedule\ImagePath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00730070006F006F006C0073002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %UserProfile%\cftmon.exe

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images