Channel: How to Remove Malware

TERMS.EXE is Backdoor Farfli.AH

TERMS.EXE is a backdoor program used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with TERMS.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of TERMS.EXE
Full path on a computer: %WinDir%\Terms.EXE

Detected by UnHackMe:

TERMS.EXE
Default location: %WinDir%\Terms.EXE

Removal Results: Success
Number of reboots: 1

TERMS.EXE is known as:

Backdoor.Farfli.AH, W32.GenBl.A148D5CF.Olympus, a variant of Win32.Farfli.OS, Trojan.Agent.4DB6, Trojan.KillAV, W32.Farfli.OS

TERMS.EXE hash:

  • MD5: a148d5cfa88280196acf95a2d6618f0f

The file tries to connect to a dangerous web site.

How to quickly detect TERMS.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Type: 0x00000110
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Start: 0x00000002
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ErrorControl: 0x00000000
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ImagePath: “%WinDir%\Terms.EXE”
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\DisplayName: “Xuucxz mkcungyq”
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Description: “Agymsj hmkumnqk cknpooinlag”
  • HKLM\System\CurrentControlSet\Services\YYYYYYYYYYYY\ReleiceName: “Ioiylq waigxa”
Files:
  • %WinDir%\Terms.EXE

