AMGR8888.DLL is Trojan Agent.5021504

Detected by UnHackMe:

AMGR8888.DLL
Default location: %Program Files Common%\Tencent\AMGR8888.dll

Removal Results: Success
Number of reboot: 1

AMGR8888.DLL is known as:

Trojan.Agent.5021504, Trojan.QBundle.JP4, Trojan.ChinAd, Trojan.Agent.sxw, Trojan.MulDrop4.bbwlfj, Win32.QBundle.A, HV_KILLAV_CA23359F.TOMC, Trojan-Downloader.Agent.xzyo, Trojan.Agent.D41e2O2sNTM, TrojWare.Agent.ucil, Trojan.MulDrop4.627, TR.MiniMal.A.110, TrojanDownloader.Agent.ekdi, Trojan.QBundle, Downloader.Agent, TrojanDownloader.Agent, Win32.Agent.SXW, Trojan.Killav.4818, Backdoor.Zegost, W32.Redosdru.BED.tr, Agent3.CFKQ

AMGR8888.DLL hash:

• MD5: 9d0f09e2c4907091301a8659008ac686

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ttplay: “%Program Files Common%\Tencent\svchest.exe”
• HKLM\System\CurrentControlSet\Services\diskmanage\Type: 0×00000010
• HKLM\System\CurrentControlSet\Services\diskmanage\Start: 0×00000002
• HKLM\System\CurrentControlSet\Services\diskmanage\ErrorControl: 0×00000000
• HKLM\System\CurrentControlSet\Services\diskmanage\ImagePath: “%Program Files Common%\Tencent\AMGR8888.dll”
• HKLM\System\CurrentControlSet\Services\diskmanage\DisplayName: “windows Disk Manager”
• HKLM\System\CurrentControlSet\Services\diskmanage\ObjectName: “LocalSystem”

Folders:

• C:\Documents and Settings\LocalService\Favorites
• %Program Files Common%\Tencent

Files:

• C:\Documents and Settings\LocalService\Favorites\Desktop.ini
• %Program Files Common%\Services\csboybind.au
• %Program Files Common%\Services\csboyTT.dll
• %Program Files Common%\dbcdcddb_Amg_R8_Gtr.txt
• %Program Files Common%\rpqrqrrpdesk.ini
• %Program Files Common%\Tencent\AMGR8888.dll
• %Program Files Common%\Tencent\svchest.exe