Solved! Use VMMREG32.BKP (Trojan Agent) Removal Guide

I recommend UnHackMe (Ultimate Malware Killer) for fast malware removal.

VMMREG32.BKP – Trojan Agent removal

File          MD5                               Virus Alias
VMMREG32.BKP  8f0561794f979a70754baf35ebf301fc  Trojan Agent
VMMREG32.BKP  8f0561794f979a70754baf35ebf301fc  Trojan Click

VMMREG32.BKP size: 249856 bytes
VMMREG32.BKP hash: 8F0561794F979A70754BAF35EBF301FC

Created files:

%Program Files%\Mozilla Firefox\extensions\admin@firestarterfox.net\chrome\bor.jar
%SYSDIR%\bootcats.sys
%SYSDIR%\drvhive.ocx
%SYSDIR%\VIDEO.sys
%SYSDIR%\vmmreg32.dll
%SYSDIR%\webmin\VIDEO.bkp
%SYSDIR%\webmin\vmmreg32.bkp

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\Windows Help Service: %SYSDIR%\winhelp32.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %SYSDIR%\winhelp32.exe
HKLM\System\CurrentControlSet\Services\VIDEO\Type: 01000000
HKLM\System\CurrentControlSet\Services\VIDEO\Start: 01000000
HKLM\System\CurrentControlSet\Services\VIDEO\DisplayName: VIDEO
HKLM\System\CurrentControlSet\Services\VIDEO\ImagePath: %SYSDIR%\VIDEO.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Help Service: %SYSDIR%\winhelp32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Windows Help Service: %SYSDIR%\winhelp32.exe

Detected by UnHackMe:

VMMREG32.BKP
Default location: %SYSDIR%\WEBMIN\VMMREG32.BKP

Dropper information:
MD5: 07f80bcea04da1af4bb2d52c926c6b57
File size: 164352 bytes
