I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
XARPPROTO.SYS – Trojan Artemis removal
| File | MD5 | Virus Alias |
|---|---|---|
| XARPPROTO.SYS | 79b80970ab0de1f9545df9c4c627ce5e | Trojan Artemis |
| XARPPROTO.SYS | 79b80970ab0de1f9545df9c4c627ce5e | Trojan SuspiciousFile |
| XARPPROTO.SYS | 79b80970ab0de1f9545df9c4c627ce5e | Trojan Agent |
XARPPROTO.SYS size: 18560 bytes
XARPPROTO.SYS hash: 79B80970AB0DE1F9545DF9C4C627CE5E
Created files:
%WinDir%\inf\atm.ldb
%WinDir%\inf\atm.PNF
%SysDir%\drivers\Kvboot.sys
%SysDir%\drivers\TdiFilter.sys
%SysDir%\drivers\xArpProto.sys
%SysDir%\LDAPSVC.dll
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\KVBOOT\Type: 01000000
HKLM\System\CurrentControlSet\Services\KVBOOT\DisplayName: KVBOOT
HKLM\System\CurrentControlSet\Services\KVBOOT\ImagePath: System32\DRIVERS\Kvboot.sys
HKLM\System\CurrentControlSet\Services\KVBOOT\Group: Boot Bus Extender
HKLM\System\CurrentControlSet\Services\LDAPSVC\Type: 20000000
HKLM\System\CurrentControlSet\Services\LDAPSVC\Start: 02000000
HKLM\System\CurrentControlSet\Services\LDAPSVC\DisplayName: LDAP Service
HKLM\System\CurrentControlSet\Services\LDAPSVC\ImagePath: %SystemRoot%\System32\svchost.exe -k LDAPSVC
HKLM\System\CurrentControlSet\Services\LDAPSVC\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C004C004400410050005300560043002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\TdiFilter\Start: 03000000
HKLM\System\CurrentControlSet\Services\TdiFilter\Type: 01000000
HKLM\System\CurrentControlSet\Services\TdiFilter\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C00540064006900460069006C007400650072002E007300790073000000
Detected by UnHackMe:
XARPPROTO.SYS
Default location: %SYSDIR%\DRIVERS\XARPPROTO.SYS
Dropper information:
MD5: 33a4fed818d37a01f2ee4de4a0c0f0a5
File size: 48640 bytes