Is the file SYSLIB.EXE located on your computer? Then your computer is infected.
We suggest that you remove SYSLIB.EXE from your computer as soon as possible.
SYSLIB.EXE is a Trojan/Backdoor.
Kill the process SYSLIB.EXE and remove SYSLIB.EXE from the Windows startup.
Malware Analysis of SYSLIB.EXE
Full path on a computer: %SysDir%\syslib.exe
Detected by UnHackMe:
SYSLIB.EXE
Default location: %SysDir%\syslib.exe
Removal Results: Success
Number of reboots: 1
SYSLIB.EXE is known as:
Trojan.Downloader.Qhost
SYSLIB.EXE hash:
- MD5: 33194f464c16cc59e91c975791ffa1bb
The file is used to download and install other malware, Trojans and viruses in response to commands received from the Command Center.
How to quickly detect the presence of SYSLIB.EXE?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysLib: "%SysDir%\syslib.exe"
Folders:
- %Local Appdata%\Adobe
- %Local Appdata%\Adobe\AIH.06d601d04dec1150bb0cf6f8baebef29c47f5e85
- %Personal%\My Music
- %Personal%\My Videos
Files:
- %Appdata%\Microsoft\CryptnetUrlCache\Content\135BD6A358680A7BF1CCEC7C0172393D
- %Appdata%\Microsoft\CryptnetUrlCache\Content\398EE64D66758B5715368AA94044B13A
- %Appdata%\Microsoft\CryptnetUrlCache\Content\445D2A562929E59ED544CBBF32A5191A
- %Appdata%\Microsoft\CryptnetUrlCache\MetaData\135BD6A358680A7BF1CCEC7C0172393D
- %Appdata%\Microsoft\CryptnetUrlCache\MetaData\398EE64D66758B5715368AA94044B13A
- %Appdata%\Microsoft\CryptnetUrlCache\MetaData\445D2A562929E59ED544CBBF32A5191A
- %Local Appdata%\Adobe\AIH.06d601d04dec1150bb0cf6f8baebef29c47f5e85\downloader.bundle
- %Local Appdata%\Adobe\AIH.06d601d04dec1150bb0cf6f8baebef29c47f5e85\downloader.dll
- %Local Appdata%\Adobe\AIH.06d601d04dec1150bb0cf6f8baebef29c47f5e85\launcher.bundle
- %Local Appdata%\Adobe\AIH.06d601d04dec1150bb0cf6f8baebef29c47f5e85\launcher.dll
- %Temp%\install_flashplayer11x32_mssa_aaa_aih.exe
- %Personal%\My Music\Desktop.ini
- %Personal%\My Videos\Desktop.ini
- %SysDir%\syslib.exe