TNT2USER.EXE is Trojan Barys

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved!
5 Stars (5 / 5)


We checked some samples of TNT2USER.EXE and detected the file TNT2USER.EXE as threat.
Remove the TNT2USER.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of TNT2USER.EXE
Full path on a computer: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Detected by UnHackMe:

TNT2USER.EXE
Default location: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Removal Results: Success
Number of reboot: 1

TNT2USER.EXE is known as:

Trojan.Barys

TNT2USER.EXE hash:

  • MD5: c89c47f425982d3d5100857af83939c1
How to quickly detect TNT2USER.EXE presence?

Registry:
  • HKLM\Software\Classes\xmlfile\shell\Open\command\: “”%Program Files%\Internet Explorer\IEXPLORE.EXE” -nohome”
  • HKLM\Software\Classes\xslfile\shell\Open\command\: “”%Program Files%\Internet Explorer\IEXPLORE.EXE” -nohome”
Folders:
  • %Local Appdata%\TNT2
  • %Local Appdata%\TNT2\2.0.0.1534
Files:
  • %Local Appdata%\TNT2\2.0.0.1534\Autorun.inf
  • %Local Appdata%\TNT2\2.0.0.1534\crx.tar
  • %Local Appdata%\TNT2\2.0.0.1534\ffassist.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\hmac.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\ie8starter.exe
  • %Local Appdata%\TNT2\2.0.0.1534\iehpr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\iestage2.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\INSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\log.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2Ghost.dll
  • %Local Appdata%\TNT2\2.0.0.1534\OldStyleSB.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\PARTNER.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\passport.dll
  • %Local Appdata%\TNT2\2.0.0.1534\passport64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch.htm
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm
  • %Local Appdata%\TNT2\2.0.0.1534\progress.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\regsvr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\RemoteSkin.wms
  • %Local Appdata%\TNT2\2.0.0.1534\sqlite.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\tnt2chrome.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TntMagicDel.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\UninstallDlg.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\untar.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UPDATE.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\xpi.tar
  • %Local Appdata%\TNT2\2.0.0.1534\zipunzip.1.dll

UnHackMe removes malware invisible for your antivirus!

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for sometime. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!