The file ANRO.SYS is malware-related.
Delete the file ANRO.SYS immediately.
Kill the process ANRO.SYS and remove ANRO.SYS from the Windows startup.
Malware Analysis of ANRO.SYS
Full path on a computer: %Temp%\Anro.sys
Detected by UnHackMe:
Item Name: ANRO.SYS
Author: Unknown
Related File: %TEMP%\ANRO.SYS
Type: Multi AV Detected Files
Detected by UnHackMe after the first reboot:
Item Name: ialdnwxf
Author:
Related File: %Temp%\Anro.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 2
ANRO.SYS is known as:
Trojan.Orsam, Trojan.Agent.qeo, Trojan.Agent.ctqbd, Win32.Agent.AXA, Trojan.Agent-289821, not-a-virus:RiskTool.ProcPatcher.a, Trojan.Agent.EN6bnksl3E4, TrojWare.Agent.qeo, Trojan.MulDrop3.26100, Troj.DwnLdr-JCX, Trojan.Agent.3712, Dropper.Rootkit, Win32.Agent.QEO, W32.Agent.EWGF.tr, Agent3.BQYK
ANRO.SYS hash:
- MD5: 7fc8f430b830c119640c606de9bb907c
The file tries to download information from some web sites.
How to quickly detect ANRO.SYS presence?
Registry:
- HKLM\System\CurrentControlSet\Services\ialdnwxf\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\ialdnwxf\ImagePath: "%Temp%\Anro.sys"
- HKLM\System\CurrentControlSet\Services\ialdnwxf\DisplayName: "ialdnwxf"
Files:
- %Temp%\Anro.sys