BOOTMGR.SYS is Trojan Delf.hyso

Detected by UnHackMe:

Item Name: WinNsi
Author:
Related File: C:\BOOTMGR.SYS
Type: Svchost DLLs

Item Name: BOOTMGR.SYS
Author:
Related File: C:\BOOTMGR.SYS
Type: Multi AV Detected Files

Removal Results: Success
Number of reboot: 1

BOOTMGR.SYS is known as:

Trojan.Delf.hyso, Mal.Behav-363, Backdoor.Delf.RAN, a variant of Win32.Delf.OES, W32.Delf.OES

BOOTMGR.SYS hash:

• MD5: a38f948e4d487342a53a3922919a0ea5

Registry:

• HKLM\System\CurrentControlSet\Services\WinNsi\Parameters\ServiceDll: “C:\bootmgr.sys”
• HKLM\System\CurrentControlSet\Services\WinNsi\Type: 0×00000120
• HKLM\System\CurrentControlSet\Services\WinNsi\Start: 0×00000002
• HKLM\System\CurrentControlSet\Services\WinNsi\ErrorControl: 0×00000000
• HKLM\System\CurrentControlSet\Services\WinNsi\ImagePath: “%SystemRoot%\System32\svchost.exe -k WinNsi”
• HKLM\System\CurrentControlSet\Services\WinNsi\DisplayName: “Windows Network Store Interface Service”
• HKLM\System\CurrentControlSet\Services\WinNsi\ObjectName: “LocalSystem”
• HKLM\System\CurrentControlSet\Services\WinNsi\Description: “The service to the user mode client network notice. Stop this service will result in the loss of the network connection.”

Folders:

• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM

Files:

• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU\desktop.ini
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU\favicon[1].ico
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM\desktop.ini
• C:\bootmgr.sys