The file SDMR.EXE can destroy your system, causing the computer to work abnormally.
SDMR.EXE is a dangerous file.
Remove SDMR.EXE from your computer immediately.
Kill the process SDMR.EXE and remove SDMR.EXE from the Windows startup.
Malware Analysis of SDMR.EXE
Full path on a computer: C:\program files\Sdmr.exe
Detected by UnHackMe:
SDMR.EXE
Default location: C:\program files\Sdmr.exe
Removal Results: Success
Number of reboots: 1
SDMR.EXE is known as:
Trojan.Banki
SDMR.EXE hash:
- MD5: ed455c71aca6aeba6e8de00d1830e6ba
How to quickly detect SDMR.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\MyServiceDemos\ImagePath: “C:\program files\Sdmr.exe”
- HKLM\System\CurrentControlSet\Services\MyServiceDemos\DisplayName: “My Service Demos”
Files:
- %Program Files%\capicom.dll
- %Program Files%\dmr.exe
- %Program Files%\Sdmr.exe
- %SysDir%\capicom.dll