YJJPJWHI.EXE – Trojan Crypt


YJJPJWHI.EXE – Trojan Crypt removal

File          MD5                               Virus Alias
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan Crypt
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan Ransom
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan Generic
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan CI
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan Agent
YJJPJWHI.EXE  effe3e1b317a41340256613a1984dceb  Trojan Delphi

YJJPJWHI.EXE size: 130560 bytes
YJJPJWHI.EXE hash: EFFE3E1B317A41340256613A1984DCEB

Created files:

%Program Files%\microsoft frontpage\yJjPJWhi.exe
%Local AppData%\Microsoft\BovXdYyO.exe
%SysDir%\config\systemprofile\Start Menu\Programs\Startup\sdmmVYnN.exe
%TEMP%\OLCjeUbW.exe
%AppData%\Microsoft\Crypto\RSA\S-1-5-21-515967899-854245398-1708537768-1003\655a7350831c302c746f72e92c1ab924_78de4566-a5cc-4192-bf8d-014e0d2bd235

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,,%Program Files%\Microsoft frontpage\yJjPJWhi.exe
HKLM\System\CurrentControlSet\Services\wscsvc\Start: 04000000
HKLM\System\CurrentControlSet\Services\wuauserv\Start: 04000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AkjsDDLS: %WinDir%\System32\config\Systemprofile\Local Settings\Application Data\Microsoft\BovXdYyO.exe

Detected by UnHackMe:

YJJPJWHI.EXE
Default location: %PROGRAM FILES%\MICROSOFT FRONTPAGE\YJJPJWHI.EXE

Dropper information:
MD5: effe3e1b317a41340256613a1984dceb
File size: 130560 bytes
