22CC6C32.exe – trojan LockScreen

May 13, 2011 by NightWatcher
Filed under: Ransomware, Solved!

Fix it immediately:

Is the file 22CC6C32.exe located on your computer? Then your computer is infected.
We suggest you remove 22CC6C32.exe from your computer as soon as possible.
22CC6C32.exe is a Trojan/Backdoor.
Kill the 22CC6C32.exe process and remove 22CC6C32.exe from the Windows startup.

Malware Analysis of 22CC6C32.exe
Executed: pa.exe
Removed: 22CC6C32.exe. Full path: C:\Documents and Settings\All Users\Application Data\22CC6C32.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: shell
Author: Unknown
Related File: C:\Documents and Settings\All Users\Application Data\22CC6C32.exe
Type: System.ini

Removal Results: Success
Number of reboots: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “C:\Documents and Settings\All Users\Application Data\22CC6C32.exe”

Files:
C:\Documents and Settings\All Users\Application Data\22CC6C32.exe
C:\WINDOWS\system32\dllcache\taskmgr.exe
—————————————————————————————————————————-
Classification:

Antivirus   Version        Last Update   Result
F-Secure    9.0.16440.0    2011.05.13    Trojan.Generic.KD.194454
Kaspersky   9.0.0.837      2011.05.11    Trojan-Ransom.Win32.PornoAsset.k
Microsoft   1.6802         2011.05.13    Trojan:Win32/Inlogta.A
NOD32       6117           2011.05.13    Win32/LockScreen.AGD

—————————————————————————————————————————-

MD5 e7f93f0d7106ff1b0534fbe28023138d

SHA1 f0aa1d9a7652f37c1f011d12d3927fd4859a6ca4

SHA256 9aa49286577dbab965bcd943c46b1def61458663c7ca26a67160d5665f35a256

—————————————————————————————————————————-


Installation
When the program is executed, it modifies the following registry values and files:

———————————-
Values modified: 4
———————————-
(-) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “Explorer.exe”
(+) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “C:\Documents and Settings\All Users\Application Data\22CC6C32.exe”
(-) HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000004
(+) HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags: 0x00000005

———————————-
Files added: 2
———————————-
C:\Documents and Settings\All Users\Application Data\22CC6C32.exe
C:\WINDOWS\system32\dllcache\taskmgr.exe

———————————-
Files [attributes?] modified: 1
———————————-
C:\WINDOWS\system32\taskmgr.exe

———————————-
Total changes: 7
———————————-
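To check a machine for the indicators listed in the "How to quickly detect malware presence?" section and in the Installation listing above, here is an added PowerShell script. It is not part of the original post and is not UnHackMe or RegRun code. It reads the Winlogon Shell value, reads the GeneralFlags value, hashes the dropped executable against the MD5 given above, and records the hash and signature status of the two taskmgr.exe paths. Assumptions: Windows PowerShell 4 or later (for Get-FileHash); the $env:ProgramData path is an assumed equivalent of the XP-era "All Users\Application Data" path on later Windows; the function name Test-LockScreenIndicators is my own.

```powershell
# Added example, not code from the original post or from UnHackMe/RegRun.
# Audits the indicators listed in the post and returns them as findings.
# Assumptions: Windows PowerShell 4+ (Get-FileHash); $env:ProgramData is an
# assumed equivalent of the XP-era path; paths and the MD5 come from the post.

function Test-LockScreenIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # Indicator 1: the logon shell. Anything other than explorer.exe means the
    # desktop was replaced, which is how this LockScreen variant takes over.
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim('"').Trim() -ine 'explorer.exe') {
        $findings.Add("Winlogon\Shell is '$shell' (expected 'Explorer.exe')")
    }

    # Indicator 2: GeneralFlags went from 0x4 to 0x5 on the analysed system.
    $components = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
    $flags = (Get-ItemProperty -Path $components -Name GeneralFlags -ErrorAction SilentlyContinue).GeneralFlags
    if ($null -ne $flags -and $flags -ne 4) {
        $findings.Add(('Desktop\Components\GeneralFlags is 0x{0:X8} (0x00000004 before infection)' -f $flags))
    }

    # Indicator 3: the dropped executable, compared with the MD5 from the post.
    $knownMd5 = 'e7f93f0d7106ff1b0534fbe28023138d'
    $dropPaths = @(
        'C:\Documents and Settings\All Users\Application Data\22CC6C32.exe',
        (Join-Path $env:ProgramData '22CC6C32.exe')   # assumed location on Vista and later
    )
    foreach ($p in $dropPaths) {
        if (Test-Path -LiteralPath $p) {
            $md5 = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
            $verdict = if ($md5 -ieq $knownMd5) { 'MD5 matches the sample' } else { "MD5 $md5 differs from the sample" }
            $findings.Add("Dropped file present: $p ($verdict)")
        }
    }

    # Indicator 4: taskmgr.exe in system32 was modified and a copy was added to
    # dllcache. Record hash and signature status for comparison with a clean baseline.
    $taskmgr = @(
        (Join-Path $env:windir 'system32\taskmgr.exe'),
        (Join-Path $env:windir 'system32\dllcache\taskmgr.exe')
    )
    foreach ($p in $taskmgr) {
        if (Test-Path -LiteralPath $p) {
            $h   = Get-FileHash -LiteralPath $p -Algorithm SHA256
            $sig = Get-AuthenticodeSignature -FilePath $p
            $findings.Add("taskmgr copy: $p SHA256=$($h.Hash) signature=$($sig.Status)")
        }
    }

    # A replaced shell or the dropped file is conclusive; the taskmgr entries
    # are informational until compared with a known-good copy.
    $conclusive = @($findings -match 'Winlogon\\Shell|Dropped file').Count -gt 0
    [pscustomobject]@{
        Infected = $conclusive
        Findings = $findings
    }
}

Test-LockScreenIndicators | Format-List
```

Run it from an elevated prompt so the HKLM key and the system32 files are readable. A Shell value other than Explorer.exe or a present 22CC6C32.exe is enough to call the machine infected; the post gives no known-good hash for taskmgr.exe, so those two lines are there for comparison against a clean system of the same build, not for an automatic verdict.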

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com



Written by

Malware Hunter.
