Trojan Injector – crrss.exe – ef6f218688dd25e1558cf601c3eebd0c

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Injector
Also known as: Trojan-Ransom Gimemo, Trojan Zbot
SHA256: 84c35c494040c5148be758bf381d8d390d4bf5114ec69a0b9a673c06dca89a9e
SHA1: 8742f405f5ba9977bf0807f88737bb171b3378f7
MD5: ef6f218688dd25e1558cf601c3eebd0c
File size: 85851 bytes

Created files:

%SysDir%\crrss.exe – Trojan Injector
%Temp%\oid.bat – Trojan Injector
%UserProfile%\ss.exe – Trojan Injector
%UserProfile%\winlogon.exe – Trojan Injector

Trojan Injector created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\crrss: %WinDir%\System32\crrss.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\crrss.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winlogon: %UserProfile%\winlogon.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: explorer.exe “%UserProfile%\winlogon.exe”

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images