KJGJMN.SYS – Virus Sality removal
| File | MD5 | Virus Alias |
|---|---|---|
| KJGJMN.SYS | bf31a8d79f704f488e3dbcb6eea3b3e3 | Virus Sality |
| KJGJMN.SYS | bf31a8d79f704f488e3dbcb6eea3b3e3 | Trojan Lineage |
| KJGJMN.SYS | bf31a8d79f704f488e3dbcb6eea3b3e3 | Trojan Generic |
| KJGJMN.SYS | bf31a8d79f704f488e3dbcb6eea3b3e3 | Trojan Agent |
KJGJMN.SYS size: 5157 bytes
KJGJMN.SYS hash: BF31A8D79F704F488E3DBCB6EEA3B3E3
Created files:
C:\504d23
C:\51292e
C:\Documents and Settings\Temp\tuyen_tap_hai_2008.exe
%WinDir%\h2s.exe
%WinDir%\nacl.exe
%WinDir%\system\lsass.exe
%SysDir%\drivers\kjgjmn.sys
%WinDir%\userinit.exe
D:\50512a
D:\512d21
D:\cert\VBoxCertUtil.exe
D:\OS2\VBoxControl.exe
D:\OS2\VBoxReplaceDll.exe
D:\OS2\VBoxService.exe
D:\VBoxWindowsAdditions-amd64.exe
%Temp%\uwddr.exe
%Temp%\ytdqhm.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit: %WinDir%\userinit.exe
HKLM\System\CurrentControlSet\Services\amsint32\Type: 01000000
HKLM\System\CurrentControlSet\Services\amsint32\Start: 03000000
HKLM\System\CurrentControlSet\Services\amsint32\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\amsint32\DisplayName: amsint32
HKLM\System\CurrentControlSet\Services\amsint32\ImagePath: %WinDir%\System32\drivers\kjgjmn.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pikachu: %WinDir%\nacl.exe
Detected by UnHackMe:
KJGJMN.SYS
Default location: %SYSDIR%\DRIVERS\KJGJMN.SYS
Dropper information:
MD5: cb5dc84cbab633a0ac36878ff916cabb
File size: 297984 bytes