Quantcast
Channel: How to Remove Malware
Viewing all articles
Browse latest Browse all 38585

6CD30EC7C733DFA4.SYS is Rootkit Necurs

$
0
0

Rootkit 6CD30EC7C733DFA4.SYS is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of 6CD30EC7C733DFA4.SYS may be a very difficult process.
You should use anti-rootkit software to fix the 6CD30EC7C733DFA4.SYS problem.

Malware Analysis of 6CD30EC7C733DFA4.SYS
Full path on a computer: %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)

Detected by UnHackMe:

6CD30EC7C733DFA4.SYS
Default location: %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)

Removal Results: Success
Number of reboot: 1

6CD30EC7C733DFA4.SYS is known as:

Rootkit.Necurs

6CD30EC7C733DFA4.SYS hash:

  • MD5: a2f2b24bd6fa13095c319f7f61c21d2f
The file tries to connect to the dangerous web site.
How to quickly detect 6CD30EC7C733DFA4.SYS presence?
Registry:
  • HKLM\System\CurrentControlSet\Services\6cd30ec7c733dfa4\ImagePath: “\SystemRoot\System32\Drivers\6cd30ec7c733dfa4.sys”
  • HKLM\System\CurrentControlSet\Services\6cd30ec7c733dfa4\DisplayName: “hoeklo.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Hoeklo: “”%Temp%\Anve\hoeklo.exe”"
Folders:
  • %Appdata%\Microsoft\Address Book
  • %Temp%\Anve
Files:
  • %Appdata%\Microsoft\Address Book\Administrator.wab
  • %Temp%\Anve\hoeklo.exe
  • %Temp%\firefox_updater.exe
  • %SysDir%\drivers\6cd30ec7c733dfa4.sys (Rootkit Necurs)


Viewing all articles
Browse latest Browse all 38585

Trending Articles