skynetitnwhpmp.sys - Dangerous
Antivirus Report of skynetitnwhpmp.sys:
We suggest that you remove SKYNETitnwhpmp.sys from your computer as soon as possible.
SKYNETitnwhpmp.sys is Trojan/Backdoor.
Kill the file SKYNETitnwhpmp.sys and remove SKYNETitnwhpmp.sys from Windows startup.
File:
tmp62.exe (C:\sand-box\tmp62.exe)
Classification:
Antivirus   Version     Last Update   Result
AntiVir     7.9.0.180   2009.06.08    SPR/Tool.Obfuscator.ET.5
eSafe       7.0.17.0    2009.06.07    Suspicious File
Kaspersky   7.0.0.125   2009.06.08    Trojan.Win32.TDSS.agmf
Microsoft   1.4701      2009.06.08    VirTool:Win32/Obfuscator.ET
NOD32       4137        2009.06.08    a variant of Win32/Kryptik.RQ
Additional information
File size: 91648 bytes
MD5 : 8210f79ebbb7fb95ca735b8a25b164f1
SHA1 : b4b3bd927efe143f117b2afbb084d4958932b4de
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys deleted:0
----------------------------------
----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnmdxbvfv
----------------------------------
Values deleted:0
----------------------------------
----------------------------------
Values added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "wuauclt.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x48025345
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:4
----------------------------------
C:\WINDOWS\system32\drivers\SKYNETitnwhpmp.sys
C:\WINDOWS\system32\SKYNETeqxstomx.dll
C:\WINDOWS\system32\SKYNETuiebavbc.dat
C:\WINDOWS\system32\SKYNETxlnltjgt.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\tmp62.exe
----------------------------------
Files [attributes?] modified:1
----------------------------------
C:\WINDOWS\system32\wbem\Logs\wbemcore.log
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:10
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Type: Services detected by Partizan
Item Name: SKYNETnmdxbvfv
Related File: \systemroot\system32\drivers\SKYNETitnwhpmp.sys
Type:
Item Name:
Related File:
Removal Results: Success
Number of reboot:
skynetitnwhpmp.sys | Malware |
skynetitnwhpmp.sys | Dangerous |
skynetitnwhpmp.sys | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.