WININITW.EXE – Trojan Artemis

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WININITW.EXE – Trojan Artemis removal

FileMD5Virus Alias
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Trojan Artemis
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Trojan SuspiciousFile
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Trojan Generic
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Worm Palevo
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Backdoor Nitol
WININITW.EXE a7877de54fccebc5c229f29597ac22ca Trojan Agent

WININITW.EXE size: 204800 bytes
WININITW.EXE hash: A7877DE54FCCEBC5C229F29597AC22CA

Created files:

C:\passthru.sys
%WinDir%\inf\passthru.sys
%SysDir%\Black.dll
%SysDir%\Drivers\diskflt.sys
%SysDir%\Drivers\passthru.sys
%SysDir%\wininitw.exe
%TEMP%\passthru.sys
%TEMP%\snetcfg.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\BITS\Fuck_Time: 1
HKLM\System\CurrentControlSet\Services\diskflt\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Type: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Tag: 0A000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Type: 10000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Start: 02000000
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \DisplayName: Windows Tfg ds789g speed tdl4
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \ImagePath: %WinDir%\System32\wininitw.exe
HKLM\System\CurrentControlSet\Services\Wintesd fdde speed tdss \Description: This is Wintesd fdde speed tdss

Detected by UnHackMe:

WININITW.EXE
Default location: %SYSDIR%\WININITW.EXE

Dropper information:
MD5: a7877de54fccebc5c229f29597ac22ca
File size: 204800 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images