The program ATMARPH.SYS is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with ATMARPH.SYS.
Download for free: http://www.unhackme.com
Malware Analysis of ATMARPH.SYS
Full path on a computer: %SysDir%\drivers\atmarph.sys
Detected by UnHackMe:
ATMARPH.SYS
Default location: %SysDir%\drivers\atmarph.sys
Removal Results: Success
Number of reboot: 1
ATMARPH.SYS is known as:
Backdoor.Small, Backdoor.Agent
ATMARPH.SYS hash:
- MD5: 9c944bd7a0af0ebd8a52f16d2e09f4ae
The file tries to connect to the dangerous web site.
How to quickly detect ATMARPH.SYS presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\atmarph\ImagePath: “\??\%SysDir%\drivers\atmarph.sys”
- HKLM\System\CurrentControlSet\Services\atmarph\DisplayName: “atmarph”
Files:- %Temp%\77696E766965772E6F6378FA.tmp
- %SysDir%\drivers\atmarph.sys