CSRSS.EXE – Worm Autorun

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CSRSS.EXE – Worm Autorun removal

FileMD5Virus Alias
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Worm Autorun
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Trojan SuspiciousFile
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Trojan Hllw
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Worm Brontok
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Trojan Agent
CSRSS.EXE 7441d8acc0feb811a8895d4308a79887 Trojan Crypt

CSRSS.EXE size: 71680 bytes
CSRSS.EXE hash: 7441D8ACC0FEB811A8895D4308A79887

Created files:

C:\Black Hole.exe
%WinDir%\Black Hole.exe
%WinDir%\msvbvm60.dll
%UserProfile%\Local Settings\Application Data\WINDOWS\CSRSS.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\LSASS.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\SERVICES.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\SMSS.EXE
%UserProfile%\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
%SysDir%\Destruction.scr
%SysDir%\Lubang Hitam.exe
%SysDir%\msvbvm60.dll
%SysDir%\Shell.exe

Autostart registry keys:

HKCU\Control Panel\Desktop\SCRNSAVE.EXE: %WinDir%\System32\DESTRU~1.SCR
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Black Hole: %WinDir%\Black Hole.exe

Detected by UnHackMe:

CSRSS.EXE
Default location: %LOCAL APPDATA%\WINDOWS\CSRSS.EXE

Dropper information:
MD5: 0874f30a070991e8cc93673a345427f5
File size: 71680 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images