I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
XPV3001.SYS – Trojan Agent removal
| File | MD5 | Virus Alias |
|---|---|---|
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan Agent |
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan SuspiciousFile |
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan Generic |
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan CI |
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan OnLineGames |
| XPV3001.SYS | 81d5da189e2db7cc857cd5b05ce1ea67 | Trojan AVKill |
XPV3001.SYS size: 7680 bytes
XPV3001.SYS hash: 81D5DA189E2DB7CC857CD5B05CE1EA67
Created files:
C:\1851700.dll
C:\windows\system32\dllcache\ws2help.dll
C:\windows\system32\drivers\420a0a1f.sys
C:\windows\system32\drivers\xpV3001.sys
C:\windows\system32\RpcSvc.psd
C:\windows\system32\ws2helpXP.dll
C:\windows\system32\wshtcpip.dll
C:\windows\temp\svohcst.exe
C:\windows\temp\temp1.exe
C:\windows\temp\temp2.exe
C:\windows\temp\temp3.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Download: C:\windows\temp\svohcst.exe
HKLM\System\CurrentControlSet\Services\420a0a1f\Type: 01000000
HKLM\System\CurrentControlSet\Services\420a0a1f\Start: 02000000
HKLM\System\CurrentControlSet\Services\420a0a1f\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\420a0a1f\DisplayName: 420a0a1f
HKLM\System\CurrentControlSet\Services\420a0a1f\ImagePath: 5C003F003F005C0043003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00340032003000610030006100310066002E007300790073000000
HKLM\System\CurrentControlSet\Services\420a0a1f\ProcessID: 50110000
HKLM\System\CurrentControlSet\Services\neverdeath\Type: 01000000
HKLM\System\CurrentControlSet\Services\neverdeath\Start: 02000000
HKLM\System\CurrentControlSet\Services\neverdeath\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\neverdeath\DisplayName: neverdeath
HKLM\System\CurrentControlSet\Services\neverdeath\ImagePath: 5C003F003F005C0043003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C0078007000560033003000300031002E007300790073000000
HKLM\System\CurrentControlSet\Services\neverdeath\ProcessID: 50110000
HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath: 43003A005C0031003800350031003700300030002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\RpcSvc\Type: 10010000
HKLM\System\CurrentControlSet\Services\RpcSvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\RpcSvc\DisplayName: Remote Procedure Call (RPC) Service
HKLM\System\CurrentControlSet\Services\RpcSvc\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc
Detected by UnHackMe:
XPV3001.SYS
Default location: %SYSDIR%\DRIVERS\XPV3001.SYS
Dropper information:
MD5: e38a119271ba37174bd3f6fba74af4dc
File size: 440332 bytes