The program WSCNTFY.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with WSCNTFY.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of WSCNTFY.EXE
Full path on a computer: %Common Appdata%\wscntfy.exe
Detected by UnHackMe:
Item Name: Windows-Network Component
Author: Unknown
Related File: %PROGRAM FILES COMMON%\LSMASS.EXE
Type: Explorer Run
Detected by RegRun Warrior:
Item Name: Windows-Network Component
Author: Unknown
Related File: %PROGRAM FILES COMMON%\LSMASS.EXE
Type: Explorer Run
WSCNTFY.EXE
Default location: %COMMON APPDATA%\WSCNTFY.EXE
MD5: CB0E1690C0BCC5758D50AAD5DB35A7E9
SHA1: FAE3D7E1 84DD0408 80782B9B A9607C46 67378915
File Size: 30 272
Removal Results: Success
Number of reboot: 1
WSCNTFY.EXE is known as:
Backdoor.Zemra, Trojan.Kuluoz-1088, Trojan-Dropper.Dapato.azhe, Trojan.Agent.mQ5hCA11bIs, Trojan.DownLoader6.3264, Trojan.Downloader.JPHF (B), TrojanDropper.Dapato.gwp, Troj.Dapato.(kcloud), Trojan.Malagent, W32.Trojan.DINM-7077, TrojanDropper.Dapato, a variant of MSIL.Injector.AAF, Trojan-Dropper.Dapato, W32.Dapato.AZHE.tr, Trojan.MSIL.Injector.AAF
WSCNTFY.EXE hash:
- MD5: cb0e1690c0bcc5758d50aad5db35a7e9
Registry:- HKLM\Software\Microsoft\Active Setup\Installed Components\{61832be3-2feb-11de-a55e-806d6172696f}\StubPath: “%Common Appdata%\wscntfy.exe -r”
- HKLM\Software\Microsoft\Active Setup\Installed Components\{61832be3-2feb-11de-a55e-806d6172696f}\IsInstalled: 0×00000001
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Windows-Network Component: “%Program Files Common%\lsmass.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows-Audio Driver: “%Common Appdata%\wscntfy.exe”
Files:- %Common Appdata%\wscntfy.exe
- %Program Files Common%\lsmass.exe