b278c9b.sys - Dangerous


Manual removal instructions:

Antivirus Report of b278c9b.sys:
Verdict: Malware (Dangerous, High Risk)
We suggest removing FTOLC.EXE from your computer as soon as possible.
FTOLC.EXE is a Trojan/backdoor dropper: in the run logged below it installs the kernel driver b278c9b.sys as a system-start service and then deletes its own executable.
Kill the FTOLC.EXE process if it is still running, remove any startup entry for it, and remove the b278c9b service and driver file; the driver service, not the dropper, is what survives a reboot.

Malware dropper: C:\sand-box\FTOLC.EXE
Removed: C:\WINDOWS\system32\drivers\b278c9b.sys
-------------------------------------------------------------------------------------
Classification:

Antivirus   Version       Last Update   Result
F-Secure    8.0.14470.0   2009.09.28    Backdoor.Win32.Agent.akwi
Kaspersky   7.0.0.125     2009.09.28    Backdoor.Win32.Agent.akwi
McAfee      5754          2009.09.27    Generic BackDoor.o
Microsoft   1.5005        2009.09.23    Backdoor:Win32/Rustock.G
NOD32       4464          2009.09.28    - (not detected)
Symantec    1.4.4.12      2009.09.28    - (not detected)

Additional information
File size: 155648 bytes
MD5: 9f587ef00c4ce3e661ac17dbe35f8d09
SHA1: fff057b4b21ea2f58831ad5e9be3a6ccfa35e3cc
-------------------------------------------------------------------------------------
Installation
When the dropper is executed, it makes the following registry and file system changes (recorded in a sandbox run in which the dropper was launched as C:\sand-box\FTOLC.EXE):

----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Classes\.key
HKLM\SYSTEM\CurrentControlSet\Services\b278c9b

----------------------------------
Values added:5
----------------------------------
HKLM\SOFTWARE\Classes\.key\: "regfile"   (maps the .key extension to the Registry Editor .reg file handler)
HKLM\SYSTEM\CurrentControlSet\Services\b278c9b\ImagePath: "\SystemRoot\System32\drivers\b278c9b.sys"
HKLM\SYSTEM\CurrentControlSet\Services\b278c9b\Type: 0x00000001   (SERVICE_KERNEL_DRIVER)
HKLM\SYSTEM\CurrentControlSet\Services\b278c9b\Start: 0x00000001   (SERVICE_SYSTEM_START: loaded by the kernel early in every boot)
HKLM\SYSTEM\CurrentControlSet\Services\b278c9b\ErrorControl: 0x00000001   (SERVICE_ERROR_NORMAL)

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:2
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\2.tmp
C:\WINDOWS\system32\drivers\b278c9b.sys

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\FTOLC.EXE

----------------------------------
File attributes modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:10
----------------------------------
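The following PowerShell script is an added example; it is not part of the original report and not UnHackMe code. It checks a host for the artifacts listed above (the b278c9b service key with its Type/Start values, the driver file and its MD5/SHA1) and, when run with -Remove, carries out the manual removal steps given at the top of the page: kill FTOLC.EXE, strip any Run-key entry that launches it, disable and delete the service, and delete the driver file or schedule its deletion for the next boot. The service name, paths and hashes are taken from the report; the function names, the -Remove switch and the Run-key check are this example's own assumptions.

```powershell
<#
  Added example, not part of the original report or of UnHackMe.
  Reports on (and with -Remove, removes) the b278c9b driver service
  documented in the report. Service name, paths and hashes come from the
  report; function and switch names are this example's own.
  Run from an elevated (Administrator) PowerShell, report-only first.
#>
param([switch]$Remove)   # default is report-only

$ServiceName = 'b278c9b'
$ServiceKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
$DriverPath  = Join-Path $env:SystemRoot 'System32\drivers\b278c9b.sys'
$KnownMd5    = '9f587ef00c4ce3e661ac17dbe35f8d09'
$KnownSha1   = 'fff057b4b21ea2f58831ad5e9be3a6ccfa35e3cc'
$DropperName = 'FTOLC'   # process name of FTOLC.EXE without the extension

# Decoding of the SCM Type / Start DWORDs listed in the report.
$TypeNames  = @{ 1 = 'SERVICE_KERNEL_DRIVER'; 2 = 'SERVICE_FILE_SYSTEM_DRIVER'
                 16 = 'SERVICE_WIN32_OWN_PROCESS'; 32 = 'SERVICE_WIN32_SHARE_PROCESS' }
$StartNames = @{ 0 = 'BOOT_START'; 1 = 'SYSTEM_START'; 2 = 'AUTO_START'
                 3 = 'DEMAND_START'; 4 = 'DISABLED' }

function Get-SuspectService {
    # Returns $null when the key is absent. A kernel rootkit that is already
    # loaded may hide its key from user mode, so absence is not proof of a clean host.
    if (-not (Test-Path $ServiceKey)) { return $null }
    $p = Get-ItemProperty -Path $ServiceKey
    [pscustomobject]@{
        ImagePath = $p.ImagePath
        Type      = '{0} ({1})' -f $p.Type,  $TypeNames[[int]$p.Type]
        Start     = '{0} ({1})' -f $p.Start, $StartNames[[int]$p.Start]
    }
}

function Test-SuspectDriverFile {
    # Compares the on-disk driver against the hashes published in the report.
    if (-not (Test-Path $DriverPath)) { return 'absent' }
    $md5  = (Get-FileHash -Path $DriverPath -Algorithm MD5).Hash.ToLower()
    $sha1 = (Get-FileHash -Path $DriverPath -Algorithm SHA1).Hash.ToLower()
    if ($md5 -eq $KnownMd5 -and $sha1 -eq $KnownSha1) { return 'present, hashes match the report' }
    return "present, hashes differ (md5=$md5 sha1=$sha1): a different build, submit for analysis"
}

function Remove-SuspectArtifacts {
    # 1. Kill the dropper if it is still running (in the sandbox run it
    #    deleted itself, so this is usually a no-op).
    Get-Process -Name $DropperName -ErrorAction SilentlyContinue | Stop-Process -Force
    # 2. Remove any Run-key value that launches the dropper (assumed location;
    #    the sandbox run above did not record one).
    foreach ($run in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $run)) { continue }
        $vals = Get-ItemProperty -Path $run
        foreach ($name in $vals.PSObject.Properties.Name) {
            if ($name -notlike 'PS*' -and "$($vals.$name)" -match 'FTOLC\.EXE') {
                Remove-ItemProperty -Path $run -Name $name
            }
        }
    }
    # 3. Disable the service so it cannot load on the next boot, then delete it.
    if (Test-Path $ServiceKey) {
        Set-ItemProperty -Path $ServiceKey -Name Start -Value 4   # 4 = SERVICE_DISABLED
        & sc.exe stop   $ServiceName | Out-Null   # a loaded kernel driver may refuse to stop
        & sc.exe delete $ServiceName | Out-Null
        Remove-Item -Path $ServiceKey -Recurse -ErrorAction SilentlyContinue
    }
    # 4. Delete the driver file; if the running driver holds it open, schedule
    #    deletion for the next boot with MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT).
    if (Test-Path $DriverPath) {
        try { Remove-Item -Path $DriverPath -Force -ErrorAction Stop }
        catch {
            if (-not ('Win32.Native' -as [type])) {
                Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string src, string dst, int flags);
'@
            }
            $null = [Win32.Native]::MoveFileEx($DriverPath, $null, 4)  # 4 = MOVEFILE_DELAY_UNTIL_REBOOT
            Write-Warning "$DriverPath is locked; deletion scheduled for the next reboot."
        }
    }
}

# Report first; the reboot shown in the UnHackMe log is still required afterwards.
$svc = Get-SuspectService
if ($svc) { Write-Output ($svc | Format-List | Out-String) }
else      { Write-Output "No $ServiceName service key found." }
Write-Output ("Driver file: " + (Test-SuspectDriverFile))
if ($Remove) {
    Remove-SuspectArtifacts
    Write-Output 'Reboot now, then re-run without -Remove to confirm the artifacts are gone.'
}
```

Run it first without -Remove and treat a clean result from user mode with caution while the driver may still be loaded: the UnHackMe log in this report found nothing before the reboot and only reported the service afterwards, so confirm with a boot-time or offline scan, and reboot after removal before re-checking.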

-------------------------------------------------------------------------------------
Detected by UnHackMe:

none

After first reboot detected by UnHackMe:

Item Name: b278c9b
Author:
Related File: \SystemRoot\System32\drivers\b278c9b.sys
Type: Services detected by Partizan

Removal Results: Success
Number of reboots: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)


Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
