The program TERMS.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with TERMS.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of TERMS.EXE
Full path on a computer: %WinDir%\Terms.EXE
Detected by UnHackMe:
TERMS.EXE
Default location: %WinDir%\Terms.EXE
Removal Results: Success
Number of reboot: 1
TERMS.EXE is known as:
Backdoor.Farfli.AH, W32.GenBl.A148D5CF.Olympus, a variant of Win32.Farfli.OS, Trojan.Agent.4DB6, Trojan.KillAV, W32.Farfli.OS
TERMS.EXE hash:
- MD5: a148d5cfa88280196acf95a2d6618f0f
The file tries to connect to the dangerous web site.
How to quickly detect TERMS.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Type: 0×00000110
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ImagePath: “%WinDir%\Terms.EXE”
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\DisplayName: “Xuucxz mkcungyq”
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Ioiylq waigxa\Description: “Agymsj hmkumnqk cknpooinlag”
- HKLM\System\CurrentControlSet\Services\YYYYYYYYYYYY\ReleiceName: “Ioiylq waigxa”
Files:
- %WinDir%\Terms.EXE