Trojan Swisyn – csboyDVD.dll – adce3a42572fc9ed3090451ff3423408


Trojan Swisyn
Also known as: Trojan Agent, Trojan Downloader.Generic
SHA256: 148b862e4b034adec7ece97f71aa1d65107fa59c1882527efbdda11139ce9450
SHA1: dda74393b85caa006e16e6ba489e230814a4ce92
MD5: adce3a42572fc9ed3090451ff3423408
File size: 314368 bytes

Created files:

%Program Files Common%\Services\csboyDVD.dll – Trojan Swisyn
%Program Files Common%\Services\csboyDvd.ocx – Trojan Swisyn
%Program Files Common%\Services\csboyTj.ocx – Trojan Swisyn
%Program Files Common%\Services\csboyTT.dll – Trojan Swisyn
%Program Files Common%\Tencent\services.exe – Trojan Swisyn
%Program Files Common%\Tencent\tuziboyAuTo.dll – Trojan Swisyn
%Program Files Common%\Tencent\tuziboyAuTo.ocx – Trojan Swisyn
%Program Files Common%\Tencent\tuziboyDw.ocx – Trojan Swisyn
C:\test.bat – Trojan Swisyn
%SysDir%\dllcache\ksuser.dll – Trojan Swisyn
%SysDir%\sysapp7.dll – Trojan Swisyn
%SysDir%\yuksuser.dll – Trojan Swisyn
%SysDir%\yumidimap.dll – Trojan Swisyn
%SysDir%\yumsimg32.dll – Trojan Swisyn
%Temp%\FUCKFHcsol.exe – Trojan Swisyn
%Temp%\????????????°?.exe_5BB3C7E96208784D787EB50FCE8B3E64F91223EF.exe – Trojan Swisyn

Trojan Swisyn created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ttplay: %Program Files Common%\Tencent\services.exe
HKLM\System\CurrentControlSet\Services\cryptsvc\Start: 04000000
HKLM\System\CurrentControlSet\Services\diskmanager\Type: 10000000
HKLM\System\CurrentControlSet\Services\diskmanager\Start: 02000000
HKLM\System\CurrentControlSet\Services\diskmanager\DisplayName: windows Disk Manager
HKLM\System\CurrentControlSet\Services\diskmanager\ImagePath: %Program Files Common%\Tencent\tuziboyAuTo.dll
