TNT2USER.EXE is Trojan Barys

May 19, 2013 by NightWatcher
Filed under: Malware 

We checked several samples of TNT2USER.EXE and detected the file as a threat.
Remove the TNT2USER.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of TNT2USER.EXE
Full path on a computer: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Detected by UnHackMe:

TNT2USER.EXE
Default location: %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe

Removal Results: Success
Number of reboots: 1

TNT2USER.EXE is known as:

Trojan.Barys

TNT2USER.EXE hash:

  • MD5: c89c47f425982d3d5100857af83939c1

How to quickly detect TNT2USER.EXE presence?

Registry:
  • HKLM\Software\Classes\xmlfile\shell\Open\command\: "%Program Files%\Internet Explorer\IEXPLORE.EXE" -nohome
  • HKLM\Software\Classes\xslfile\shell\Open\command\: "%Program Files%\Internet Explorer\IEXPLORE.EXE" -nohome
Folders:
  • %Local Appdata%\TNT2
  • %Local Appdata%\TNT2\2.0.0.1534
Files:
  • %Local Appdata%\TNT2\2.0.0.1534\Autorun.inf
  • %Local Appdata%\TNT2\2.0.0.1534\crx.tar
  • %Local Appdata%\TNT2\2.0.0.1534\ffassist.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\hmac.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\ie8starter.exe
  • %Local Appdata%\TNT2\2.0.0.1534\iehpr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\iestage2.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar.dll
  • %Local Appdata%\TNT2\2.0.0.1534\IEToolbar64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\INSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\log.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2.dll
  • %Local Appdata%\TNT2\2.0.0.1534\npTNT2Ghost.dll
  • %Local Appdata%\TNT2\2.0.0.1534\OldStyleSB.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\PARTNER.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\passport.dll
  • %Local Appdata%\TNT2\2.0.0.1534\passport64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch.htm
  • %Local Appdata%\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm
  • %Local Appdata%\TNT2\2.0.0.1534\progress.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\regsvr.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\RemoteSkin.wms
  • %Local Appdata%\TNT2\2.0.0.1534\sqlite.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\tnt2chrome.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2User.exe
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TNT2UserPS64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\TntMagicDel.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UnInjLib64.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UNINSTALL.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\UninstallDlg.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\untar.1.dll
  • %Local Appdata%\TNT2\2.0.0.1534\UPDATE.TNT
  • %Local Appdata%\TNT2\2.0.0.1534\xpi.tar
  • %Local Appdata%\TNT2\2.0.0.1534\zipunzip.1.dll


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
