6122.dll - Dangerous

6122.dll

Manual removal instructions:

Antivirus Report of 6122.dll:
6122.dll Malware
6122.dllDangerous
6122.dllHigh Risk
6122.dll
We suggest you to remove 6122.dll from your computer as soon as possible.
6122.dll is Trojan/Backdoor.
Kill the file 6122.dll and remove 6122.dll from Windows startup.

File: server.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1351.0 2009.09.04 Win32:Trojan-gen {Other}
AVG 8.5.0.409 2009.09.03 Agent2.QBG
BitDefender 7.2 2009.09.04 Trojan.Generic.2207190
Comodo 2196 2009.09.04 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.04 Trojan.MulDrop.34078
F-Secure 8.0.14470.0 2009.09.04 Trojan-Downloader.Win32.Agent.cosy
Kaspersky 7.0.0.125 2009.09.04 Trojan-Downloader.Win32.Agent.cosy
Microsoft 1.5005 2009.09.03 -
NOD32 4392 2009.09.03 Win32/Dialer.NJO
Symantec 1.4.4.12 2009.09.04 Trojan Horse

Additional information
File size: 51792 bytes
MD5 : 6cfd17b43003c8d95e6cf42f4ddcc9f6
SHA1 : 336485f158134421e9b2dc298cb07a21f4896f5a
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:5
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000
HKLM\SYSTEM\CurrentControlSet\Services\6122
HKLM\SYSTEM\CurrentControlSet\Services\6122\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\6122\Security

----------------------------------
Values added:16
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\Service: "6122"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\0000\DeviceDesc: "6122"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6122\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\6122\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\6122\Parameters\ServiceDll: "C:\WINDOWS\system32\6122.dll"
HKLM\SYSTEM\CurrentControlSet\Services\6122\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\6122\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\6122\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\6122\ImagePath: "%SystemRoot%\System32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\6122\DisplayName: "6122"
HKLM\SYSTEM\CurrentControlSet\Services\6122\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\6122\Description: "6122"

----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: '6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN'
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs: 36 74 6F 34 00 41 70 70 4D 67 6D 74 00 41 75 64 69 6F 53 72 76 00 42 72 6F 77 73 65 72 00 43 72 79 70 74 53 76 63 00 44 4D 53 65 72 76 65 72 00 44 48 43 50 00 45 52 53 76 63 00 45 76 65 6E 74 53 79 73 74 65 6D 00 46 61 73 74 55 73 65 72 53 77 69 74 63 68 69 6E 67 43 6F 6D 70 61 74 69 62 69 6C 69 74 79 00 48 69 64 53 65 72 76 00 49 61 73 00 49 70 72 69 70 00 49 72 6D 6F 6E 00 4C 61 6E 6D 61 6E 53 65 72 76 65 72 00 4C 61 6E 6D 61 6E 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4D 65 73 73 65 6E 67 65 72 00 4E 65 74 6D 61 6E 00 4E 6C 61 00 4E 74 6D 73 73 76 63 00 4E 57 43 57 6F 72 6B 73 74 61 74 69 6F 6E 00 4E 77 73 61 70 61 67 65 6E 74 00 52 61 73 61 75 74 6F 00 52 61 73 6D 61 6E 00 52 65 6D 6F 74 65 61 63 63 65 73 73 00 53 63 68 65 64 75 6C 65 00 53 65 63 6C 6F 67 6F 6E 00 53 45 4E 53 00 53 68 61 72 65 64 61 63 63 65 73 73 00 53 52 53 65 72 76 69 63 65 00 54 61 70 69 73 72 76 00 54 68 65 6D 65 73 00 54 72 6B 57 6B 73 00 57 33 32 54 69 6D 65 00 57 5A 43 53 56 43 00 57 6D 69 00 57 6D 64 6D 50 6D 53 70 00 77 69 6E 6D 67 6D 74 00 77 73 63 73 76 63 00 78 6D 6C 70 72 6F 76 00 6E 61 70 61 67 65 6E 74 00 68 6B 6D 73 76 63 00 42 49 54 53 00 77 75 61 75 73 65 72 76 00 53 68 65 6C 6C 48 57 44 65 74 65 63 74 69 6F 6E 00 68 65 6C 70 73 76 63 00 57 6D 64 6D 50 6D 53 4E 00 36 31 32 32 00 01 00

----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\system32\6122.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\server.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:25
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: 6122
Author: Unknown
Related File: C:\WINDOWS\system32\6122.dll
Type: Svchost DLLs

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove 6122.dll now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.