SGCHOST.EXE is a program used to gain hidden access to a PC and to administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with SGCHOST.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of SGCHOST.EXE
Full path on a computer: %WinDir%\PCDoctor\sgchost.exe
Detected by UnHackMe:
Item Name: Policies
Author: Unknown
Related File: %WinDir%\PCDOCTOR\SGCHOST.EXE
Type: Explorer Run
Item Name: {E02K6OSS-N547-5DS4-5CY2-G160Y4U4K1T7}
Author: Unknown
Related File: %WinDir%\PCDOCTOR\SGCHOST.EXE
Type: ActiveSetup
Item Name: DoctorHealtx
Author: Unknown
Related File: %WinDir%\PCDOCTOR\SGCHOST.EXE
Type: Registry Run
Item Name: SGCHOST.EXE
Author: Unknown
Related File: %WinDir%\PCDOCTOR\SGCHOST.EXE
Type: Multi AV Detected Files
Removal Results: Success
Number of reboots: 1
SGCHOST.EXE is known as:
Backdoor.SpyAll.a, Trojan.SpyAll.beran, W32.Spyrat, Rebhip.O, Trojan.Agent-192978, Backdoor.Agent.AAOF (B), TrojWare.PSW.Delf.~JHN, Backdoor:W32.Spyrat.A, Worm.Rebhip.A (v), TSPY_SPATET.SMT, Mal.Behav-328, Trojan.Delf.ngt, Worm.Rebhip.A, Backdoor.A.SpyAll.290304, Trojan.Llac, Malware.Spyrat.rem, Win32.Spatet.I, Worm.Rebhip.48C6, Worm.Rebhip, W32.Llac.GFU.tr, Trj.Ransom.AB
SGCHOST.EXE hash:
- MD5: 6b4408b9a65ebabe75ecc04ad496a228
SGCHOST.EXE registry entries:
- HKLM\Software\Microsoft\Active Setup\Installed Components\{E02K6OSS-N547-5DS4-5CY2-G160Y4U4K1T7}\StubPath: “%WinDir%\PCDoctor\sgchost.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “%WinDir%\PCDoctor\sgchost.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\DoctorHealth: “%WinDir%\PCDoctor\sgchost.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “%WinDir%\PCDoctor\sgchost.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DoctorHealtx: “%WinDir%\PCDoctor\sgchost.exe”
SGCHOST.EXE files and folders:
- %WinDir%\PCDoctor
- %Appdata%\cglogs.dat
- %Temp%\UuU.uUu
- %Temp%\XxX.xXx
- %WinDir%\PCDoctor\sgchost.exe