N is Trojan Win64.Sirefef.W

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!



Rootkit N is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of N may be a very difficult process.
You should use anti-rootkit software to fix the N problem.

Malware Analysis of N
Full path on a computer: C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\n

Detected by RegRun Warrior:

N
Default location: C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\n

Removal Results: Success
Number of reboots: 1

N is known as:

Trojan.Win64.Sirefef.W

N hash:

  • MD5: 46d5bcfc944bd4bbc79ad6576d41c349

How to quickly detect the presence of N?

Registry:
  • HKLM\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\: “C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx”
  • HKLM\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\: “C:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx”
  • HKLM\Software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\: “C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx”
  • HKLM\Software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\: “C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx”
  • HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\ImagePath: “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe”
  • HKLM\System\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc\DisplayName: “Adobe Flash Player Update Service”

Folders:
  • C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
  • C:\Users\test\AppData\Local\Temp\5E09.dir
  • C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}
  • C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\L
  • C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\U
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\L
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\U
  • C:\Windows\System32\Macromed
  • C:\Windows\System32\Macromed\Flash
  • C:\Windows\SysWOW64\Macromed
  • C:\Windows\SysWOW64\Macromed\Flash

Files:
  • C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_82be09e4-cf0a-4350-bd3a-3ac249f0fd59
  • C:\Users\test\AppData\Local\Temp\InstallFlashPlayer.exe
  • C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\@
  • C:\Users\test\AppData\Local\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\n
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\@
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\n
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\U\00000001.@
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\U\80000000.@
  • C:\Windows\Installer\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\U\800000cb.@
  • C:\Windows\System32\Tasks\Adobe Flash Player Updater
  • C:\Windows\System32\Macromed\Flash\Flash64_11_3_300_257.ocx
  • C:\Windows\System32\Macromed\Flash\FlashInstall.log
  • C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
  • C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
  • C:\Windows\SysWOW64\FlashPlayerApp.exe
  • C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  • C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx
  • C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log
  • C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  • C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
  • C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
  • C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
  • C:\Windows\Tasks\Adobe Flash Player Updater.job
  • C:\Windows\Temp\fwtsqmfile00.sqm

UnHackMe removes malware invisible to your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses a minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for some time. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!
