Trojan Jorik – 274A7A32.sys – c0c41ba12fa6bd7a83560c0fcbf7802b

Trojan Jorik
Also known as: Trojan Agent, Rootkit TDSS
SHA256: 2fdc27afcbf817969b0216c0501b6b56de74212fd7421f01e5dd56bc7add0d19
SHA1: fc33ed705220c4b450061f45401c3dfdfe7f8940
MD5: c0c41ba12fa6bd7a83560c0fcbf7802b
File size: 80896 bytes

Created files:

%SysDir%\274A7A32.sys – Trojan Jorik
%SysDir%\29C113E1.sys – Trojan Jorik
%SysDir%\67BE1259.sys – Trojan Jorik
%Temp%\6a8f679e.bat – Trojan Jorik

Trojan Jorik created autostart registry keys:

HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout File: KBDUS.DLL
HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout Text: 4B2F7437
HKLM\System\CurrentControlSet\Services\274A7A32\Type: 01000000
HKLM\System\CurrentControlSet\Services\274A7A32\Start: 02000000
HKLM\System\CurrentControlSet\Services\274A7A32\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\274A7A32\DisplayName: 274A7A32
HKLM\System\CurrentControlSet\Services\274A7A32\ImagePath: %WinDir%\System32\274A7A32.sys
HKLM\System\CurrentControlSet\Services\29C113E1\Type: 01000000
HKLM\System\CurrentControlSet\Services\29C113E1\Start: 02000000
HKLM\System\CurrentControlSet\Services\29C113E1\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\29C113E1\DisplayName: 29C113E1
HKLM\System\CurrentControlSet\Services\29C113E1\ImagePath: %WinDir%\System32\29C113E1.sys
HKLM\System\CurrentControlSet\Services\67BE1259\Type: 01000000
HKLM\System\CurrentControlSet\Services\67BE1259\ImagePath: 730079007300740065006D00330032005C00360037004200450031003200350039002E007300790073000000
HKLM\System\CurrentControlSet\Services\67BE1259\Group: 42006100730065000000
HKLM\System\CurrentControlSet\Services\bits\SBIE_StartTicks: 64A40900
