skynetitnwhpmp.sys - Dangerous

Manual removal instructions:

Antivirus Report of skynetitnwhpmp.sys:
skynetitnwhpmp.sys Malware
skynetitnwhpmp.sys Dangerous
skynetitnwhpmp.sys High Risk
We suggest that you remove SKYNETitnwhpmp.sys from your computer as soon as possible.
SKYNETitnwhpmp.sys is a Trojan/Backdoor.
Kill the file SKYNETitnwhpmp.sys and remove SKYNETitnwhpmp.sys from Windows startup.

File:
tmp62.exe (C:\sand-box\tmp62.exe)

Classification:
Antivirus   Version     Last Update   Result
AntiVir     7.9.0.180   2009.06.08    SPR/Tool.Obfuscator.ET.5
eSafe       7.0.17.0    2009.06.07    Suspicious File
Kaspersky   7.0.0.125   2009.06.08    Trojan.Win32.TDSS.agmf
Microsoft   1.4701      2009.06.08    VirTool:Win32/Obfuscator.ET
NOD32       4137        2009.06.08    a variant of Win32/Kryptik.RQ

Additional information
File size: 91648 bytes
MD5 : 8210f79ebbb7fb95ca735b8a25b164f1
SHA1 : b4b3bd927efe143f117b2afbb084d4958932b4de


Installation
When the program is executed, it creates the following registry subkeys and values:


----------------------------------
Keys deleted:0
----------------------------------

----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnmdxbvfv

----------------------------------
Values deleted:0
----------------------------------

----------------------------------
Values added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "wuauclt.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x48025345

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:4
----------------------------------
C:\WINDOWS\system32\drivers\SKYNETitnwhpmp.sys
C:\WINDOWS\system32\SKYNETeqxstomx.dll
C:\WINDOWS\system32\SKYNETuiebavbc.dat
C:\WINDOWS\system32\SKYNETxlnltjgt.dll

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\tmp62.exe

----------------------------------
Files [attributes?] modified:1
----------------------------------
C:\WINDOWS\system32\wbem\Logs\wbemcore.log

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:10
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Type: Services detected by Partizan
Item Name: SKYNETnmdxbvfv
Related File: \systemroot\system32\drivers\SKYNETitnwhpmp.sys

Removal Results: Success

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.