SYS.DLL – Unclassified Malware

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SYS.DLL – Unclassified Malware removal

FileMD5Virus Alias

SYS.DLL size: 32768 bytes

Created files:

C:\1726700.dll
C:\cfgdll.dll
C:\Fxsmnmwxl_NET.exe
C:\plugin\MSG.DLL
C:\plugin\REGDLL.DLL
C:\plugin\SYS.DLL
C:\plugin\WINDOW.DLL
%AppData%\qmacro\qdisp.dll
C:\??????.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InProcServer32 : %WinDir%\System32\config\SYSTEM~1\APPLIC~1\qmacro\qdisp.dll
HKLM\Software\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InProcServer32 : %WinDir%\System32\config\SYSTEM~1\APPLIC~1\qmacro\qdisp.dll
HKLM\Software\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32 : %WinDir%\System32\config\SYSTEM~1\APPLIC~1\qmacro\qdisp.dll
HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath: 43003A005C0031003700320036003700300030002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\Rpmrtf Vekrfewo Nbn\Type: 10010000
HKLM\System\CurrentControlSet\Services\Rpmrtf Vekrfewo Nbn\Start: 02000000
HKLM\System\CurrentControlSet\Services\Rpmrtf Vekrfewo Nbn\DisplayName: Xjnamt Lnjrtnkn Jjyekrgk Qwgx
HKLM\System\CurrentControlSet\Services\Rpmrtf Vekrfewo Nbn\ImagePath: %SystemRoot%\System32\svchost.exe -k imgsvc

Detected by UnHackMe:

SYS.DLL
Default location: C:\PLUGIN\SYS.DLL

Leave a Reply