slingshot malware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 346
Category: Trojans

It must the worst possible day when you realize that slingshot malware has hit your computer. This Trojan program has multiple "surprises" for you. As a matter of fact, it drops five modules onto your system, which can all cause serious system security issues for you. You should take this attack very seriously because your privacy can be breached and your bank account information along with other sensitive materials stolen from you. It is possible that you are using one of the Mikrotik routers made in Latvia, which have certain security holes that cyber criminals can exploit and gain system administrator privileges to your PC to activate this Trojan. Of course, this may not be the only way to get infected with it, so do not get your hopes high if you do not have a Mikrotik router. We advise you to act immediately and remove slingshot malware from your PC.

If you have the aforementioned type of router, you had better send your "C:\Windows\System32\scesrv.dll" file to VirusTotal (virustotal.com/#/home/upload) for an inspection to see whether it has been compromised yet. Because, chances are you could be infected with this dangerous Trojan. Since this malware infection may remain undetected for long, god knows how much damage it has done to you already. This is why it is not worth waiting any longer to find out about it. These cyber criminals can exploit these routers to access your system and drop this Trojan to start up the malicious operations unnoticed. It is obvious that you need to delete slingshot malware the moment you find out that your computer has been compromised.

Other possibilities of infection with this Trojan may include downloading free software or cracks from shady torrent or freeware sites, clicking on corrupt third-party ads on suspicious websites like online gaming, betting, video streaming, dating, and porn sites, and landing on malicious pages armed with Exploit Kits (e.g., RIG). In order to avoid these types of attacks, you need to keep all your programs updated frequently, you need to avoid unfamiliar and questionable websites, quit clicking on random ads, and it is also important that you remove slingshot malware and all other threats from your system.

This is a dangerous Trojan that can attack your system and your privacy in multiple fronts. In fact, its payload consists of five modules that are capable of different malicious operations ranging from taking screenshots of your screen to keylogging and stealing sensitive account details. Here is a list of these modules and what they are designed for:

  • GollumApp: collects network information, steals browser passwords, implements keylogger functionality
  • SsCB: captures screenshots, steals information from clipboard and window size, title, and position
  • ffproxy: collects Firefox proxy settings and configuration details
  • NeedleWatch: injects in different files
  • Sfc2: disables Windows file protection

Each can cause serious virtual security issues separately. But when these all operate on your system, the damage can be irreparable and devastating. The sour icing on this malware cake is that this Trojan can also download further dangerous threats behind your back. This makes it even more difficult to remove slingshot malware from your PC without leaving leftovers.

Still, you can try to eliminate this Trojan by following our instructions below this article. Please bear in mind that you may only be able to overwrite the infected .dll files by running a Windows repair. But even if you perform these steps, you need to remember that there could be several more malicious threats on your system that also need immediate action. Apart from keeping away from suspicious websites and clicking on third-party ads, it is also essential to update your software park regularly to prevent further malicious attacks. Of course, unless you are an advanced computer user, you still may not be able to keep all possible threats away from your system. If you are looking for a powerful way to protect your computer against all possible threats, we suggest that you install a reputable malware removal application, such as SpyHunter.

How to remove slingshot malware from Windows

  1. Tap Win+E to launch your File Explorer.
  2. Go to "C:\Windows\System32\" and overwrite "scesrv.dll" with the original system file.
  3. Open "C:\Windows\SysWow64\" and overwrite "scesrv.dll" with the original system file.
  4. Empty your Recycle Bin.
  5. Reboot your system.
Download Remover for slingshot malware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

slingshot malware technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1%SystemRoot%\System32\phc?????????
2%SystemRoot%\System32\whc?????????
3KBDURsr.dll62976 bytesMD5: e3beace9fb53c4ea2a2a5517d76b5b38
4nl5.exe1464320 bytes
5idolowun.dll180736 bytesMD5: 15689f041fb926413e423597a913f5e2
6kozeyizu.dll89088 bytes
7roam five.exe700416 bytes
8%UserProfile%\Application Data\thc?????????
9sihosido.dll108032 bytes
10yamanewa.dll80384 bytes
11kedisuzo.dll50688 bytes
12hekeyapi.dll89088 bytes
13DisplaySwitch.exe118272 bytesMD5: dde7ef6358e594956b13fc291d92e52a
14asade.exe133120 bytesMD5: c5ed7ab3a7f1b367bc77480907a71274
15%SystemRoot%\System32\thc?????????
16jimofiji.dll49152 bytes
17nsx23.dll1351680 bytes
18zelovumi.dll49152 bytes
19kurtapt24@yahoo.com9458 bytesMD5: 2e124646bd0fbe6838796bd181df0eef
20pjdeya.exe597504 bytesMD5: 5d4743a302e76421c449e8cfc2d8be2f
21nl4.exe668160 bytes
22bujiwofi.dll70144 bytes
23207163515.exe892416 bytesMD5: 695a8155cf64fa91f33241cb825a78c4
24%UserProfile%\Application Data\pphc?????????
25RqAds.exe135168 bytes
26Warn Support.exe704512 bytes
27iyupodovujepope.dll194048 bytesMD5: 20df5aee46a31774c749f9945b711641
28ovamudutibofe.dll195584 bytesMD5: 636d4967bd46a237f681c8339559688c
29stuvwxy.exe
30bdsyslink.dll86016 bytes
31flsysio.exe371200 bytesMD5: 386e79decf1debf931692da686d2941f
32comparevers.exe455575 bytesMD5: 832ffbc37551be1f9b14dd44a462d3a8
33nl2.exe1918976 bytes
34winlo.exe1220215 bytes
35hnwqrys.exe368896 bytesMD5: 3603e534db5178036425c5e6bcca8ee4
36ugavisidu.dll180224 bytesMD5: 6aa2d902c4637662f7dac98aabf95544
37fejolave.dll50688 bytes
38alivevukov.dll179712 bytesMD5: 64b417db53c23d036d2843b44c22bb7c
39uyuhapuhid.dll195072 bytesMD5: 5f6b1405d57dc8df91144601b605e3ae
40dxva2C.dll62464 bytesMD5: 41cb45cccc9897274d77c847ba946b6d
41%UserProfile%\lphc?????????
42realsvc.exe143537 bytes
43%UserProfile%\blphc?????????
44pcpriv.exe397824 bytes
45hesudobu.dll104960 bytes
46mcfg.exe15360 bytesMD5: 3026b2ce720126c88cb8831e002a7f42
47tijawani.dll50688 bytes
48nupanogo.dll107520 bytes
49nohisoye.dll108544 bytes
50mulirowo.dll50688 bytes
51pokumala.dll107520 bytes
52%UserProfile%\rhc?????????
53emihotepopeg.dll187392 bytesMD5: 0df79c59f0e032e5bc995786d5815461
54photo_id.exe27755 bytes
55PowerJa.ask70777 bytes
56icocalolacihir.dll182272 bytesMD5: a0f9b695b2711007dc5201a98de184f4
57odbn0.exe295424 bytes
58onifr.exe147454 bytesMD5: 055c5d04c1cb3c4945637d38c7ba9933
59ree2.exe748032 bytes
60kekasika.dll49664 bytes
61pujosove.dll48640 bytes
62atl7.dll122368 bytes
63sekisahi.dll48128 bytes
64zipavagi.dll50688 bytes
65%SystemRoot%\System32\pphc?????????
66kalerazo.dll88064 bytes
67zofowoda.dll50688 bytes
68%SystemRoot%\System32\lphc?????????
69sesanujo.dll70144 bytes
70evejubet.dll194048 bytesMD5: 73b599d33ae2f39ef880ac2195ea6ce9
71mivi.exe171520 bytesMD5: 947f14f76240dc31ff436dc3ff906114
72unapatax.dll182272 bytesMD5: 13c74cdba40b44b226697a503a1efe5f
73rigiwoti.dll81920 bytes
74xoipk.exe142848 bytesMD5: 97c65e1c3df2ea29ceb58b3390bd0b37
75kusers.dll205840 bytes
76wujiwibe.dll88064 bytes
77iksuy.exe140151 bytesMD5: cfc995ef0b0728896b5120c5adf214e0
78caese.exe116736 bytesMD5: a3e5d6733da460ebf9d0c4332bb95f37
79Ffodoa.exe163840 bytesMD5: a5690ed0f4f2a3184fd469d5be888072
80ixelinet.dll182272 bytesMD5: a1b569c180afb2dd878a45bba9c078d4
81%UserProfile%\643f??????????
82asvdxl.dll79872 bytesMD5: bc2780a2a6d2c21b76c8716975c10813
83bdsl2.dll86016 bytes
84uhoyureg.dll182272 bytesMD5: e27f0bd6b5d9af43fd35abaa37123f54
85penipure.dll50688 bytes
86uclyv.exe100352 bytesMD5: 904c33d27f3b145fbb9506955049d90b
87SystemAutorun.exe377344 bytesMD5: a1451e7535d918f60a31409acb76186a
88nageduge.dll50688 bytes
89dot3cfg32.dll119808 bytes
90yatodimi.dll70144 bytes
91yovalono.dll49664 bytes
92irxoe.exe116736 bytesMD5: 4f883bd12740c865a1765183767f979a
93ree1.exe646656 bytes
94%UserProfile%\thc?????????
95verabija.dll88064 bytes
96etomemap.dll179200 bytesMD5: 637e74ea2f3f3b948ca58a3f9fa9da53
97debodoro.dll71168 bytes
98uzewerilupavid.dll186368 bytesMD5: fa537293c1587d408722591ed4020a20
99ehczrw312.exe1150976 bytes
100balomane.dll80384 bytes
101fenofaki.dll87040 bytes
102ope2314.exe 401920 bytesMD5: 64e9e281d180395b1f60872930a8d19a
103kdpini.dll192528 bytes
104ClipHelp3xx.dll86016 bytesMD5: 0a102507a28680434a8231199c7ac913
105uvojigulukacega.dll181760 bytesMD5: 8ba96641c0cf6ba391ad8b6081ba36e7
106ijusuyanami.dll266240 bytesMD5: 39c5f01af18aa97ace2b61ff4040d4e6
107akuzivazoveraxif.dll185344 bytesMD5: 8ccb115f9ae7f00b03e5fe57313915c9
108wahayaga.dll49664 bytes
109fehamito.dll50176 bytes
110obaluqizevax.dll182784 bytesMD5: e18c0753f6729408f93832496a7085be
111kavumefe.dll81920 bytes
112bopufeto.dll50176 bytes
113%SystemRoot%\System32
114kory.exe92672 bytesMD5: 0db0abdcf82af6f56402d11cca6ad0dd
115pivumedo.dll190976 bytes
116uheludeje.dll173056 bytesMD5: b34cdd55229d93f43cebd8bac52597e6
117AdobeSoftVaallupjhn.exe507840 bytesMD5: 86c6ad598623186d95a83b4b86180ab4
118lepopoka.dll50688 bytes
119fahokipa.dll86528 bytes
120fozusayo.dll49152 bytes
121asycfil.dll123904 bytes
122%UserProfile%\phc?????????
123%SystemRoot%\System32\bpph??????????
124norozuse.dll69632 bytes
125ptidle.exe56832 bytes
126tikatabi.dll80384 bytes
127mukejowe.dll89600 bytes
128hoyuvuki.dll50176 bytes
129%UserProfile%\Application Data\whc?????????
130tepepife.dll70144 bytes
131papororo.dll88576 bytes
132beipq.exe169472 bytesMD5: ac12fcef12aec513bd5e8e8fcf389e1f
133kbdnet.dll30720 bytes
134%ProgramFiles%\rhc?????????
135yosineku.dll89600 bytes
136ufdsvc.exe69632 bytesMD5: 99184adc5b7fab997146971f20afff18
137sdasda.exe66560 bytes
138%UserProfile%\Application Data\bpph??????????
139doriyubi.dll49152 bytes
140xipr.exe184848 bytes
141topapope.dll80384 bytes
142sysrc32.exe12288 bytes
143itufijorece.dll207360 bytesMD5: 3334de88ae7ce7034ff0b075ec923599
144ibitolet.dll189952 bytesMD5: 233dc9f067988cb5a89f47f62276fc3f
145lewiyidi.dll49664 bytes
146SerialsWorld.exe1075712 bytes
147dijanumo.dll133120 bytes
148barijatu.dll50176 bytes
149sgpron.dll62464 bytesMD5: 261b36cee988614c50f1d17100409f3d
150vybi.exe115200 bytesMD5: dbdf452705cb7e45fee3063e1e12f99b
151fezahoyu.dll81920 bytes
152zarebeba.dll50688 bytes
153robejaku.dll88064 bytes
154bdaplgini.dll84992 bytesMD5: deacbaa2ddf8597cdf1985e2950034d6
155digiwet.dll17920 bytes
156logomafe.dll88576 bytes
157zyex.exe132608 bytesMD5: 1879ac641af2e71f26905cb048a07857
158poqii.exe147445 bytesMD5: 9372599a17d10580496c99fb50c62fdf
159yowujeje.dll48640 bytes
160hepigalo.exe
161%ProgramFiles%\bpph??????????
162icaqx.exe124414 bytesMD5: 36547fb1efeb3d949032ab5bf8040c76
163sumonibe.dll49152 bytes
164kafunepi.dll80384 bytes
165%ProgramFiles%\whc?????????
166AcroIEHelpe022.dll216400 bytesMD5: 417958dc10a28999d539ca25fb35f884
167mokehohi.dll69120 bytes
168sogidona.dll89088 bytes
169evizavohiyesupa.dll186880 bytesMD5: 93e22d9b2653be354a9214a8d1915d47
170wisysvi.dll67072 bytesMD5: cd5ecd06b63492fbcb6509dc20442631
171bufezeza.dll80384 bytes
172hovebipu.dll48640 bytes
173%ProgramFiles%
174luyehije.dll87552 bytes
175UnLoad.exe37888 bytesMD5: 437f7b6ff7982015788b28d66f49ba2a
176dwm.exe318464 bytesMD5: b9ec59d036d43e1302083ef3e48b1311
177kifupiza.dll50176 bytes
178zezowawi.dll106496 bytes
179mivalivo.dll49664 bytes
180togojaze.dll50176 bytes
181%UserProfile%\Application Data\phc?????????
182nobajanu.dll81408 bytes
183bupuyafo.dll89088 bytes
184morugawe.dll107520 bytes
185uqojanecatevih.dll182784 bytesMD5: 8a9effc288c73c50e8ccbd76f29f4f8f
186qycu.exe133632 bytesMD5: 4f78005695709f8a9b48ec2598301d7d
187eloheseweriquyi.dll182272 bytesMD5: 351a14711242221e54e0a1920a82f4de
188sonuleme.dll88064 bytes
189idojapimogudoray.dll185344 bytesMD5: 6b08c208052f9e5cc2190d6801ac1b9e
190cajiw.exe557056 bytesMD5: 6222d185dbfd393c9208e3e19cd3eee1
191wisegava.dll50688 bytes
192pascmgp.exe438272 bytesMD5: e18777a913aa00cdf543c89bd3e271cb
193ufimixefenoy.dll257536 bytesMD5: b9407a6531a93d27f4a970f3b849ee9e
194VCL.dll335064 bytesMD5: 85e369896d7049fa73dff2064a9df4db
195akihovojamaz.dll180224 bytesMD5: 859e7381425e73ec2d908216567448e4
196wirepots.exe8704 bytesMD5: 4c1fd02d449c708d7708deb17f9dc6c5
197%ProgramFiles%\lphc?????????
198livukafa.dll49664 bytes
199ijucahalevet.dll181760 bytesMD5: a4687240401c1d4ef8e1bead595cbca3
200eruzurow.dll180224 bytesMD5: 63178a01d821357152f686e70909bf3e
201junefare.dll50688 bytes
202palowaru.dll48640 bytes
203%UserProfile%\pphc?????????
204tipifipo.dll109056 bytes
205relereni.dll87552 bytes
206zorihali.dll109281 bytes
207nutowuko.dll71680 bytes
208%SystemRoot%\System32\rhc?????????
209refobaju.dll50688 bytes
210%ProgramFiles%\phc?????????
211%SystemRoot%\System32\643f??????????
212nupotuku.dll48640 bytes
213yikuhawa.dll49152 bytes
214bisevona.dll78848 bytes
215mejiyolo.dll88064 bytes
216%UserProfile%\whc?????????
217futewege.dll49152 bytes
218jahasike.dll48128 bytes
219MySelf.exe571392 bytesMD5: 6e01f914fa6edf1df717b293d2265d68
220zemupalu.dll89600 bytes
221yopalimi.dll106496 bytes
222dmutil32.dll198656 bytes
223cmdial3.dll122368 bytes
224ofriasc.dll79360 bytesMD5: 158568bd1c1926d357b66f18397c4c11
225uqiwaceh.dll187392 bytesMD5: d7c17417a83ab2c658cb5c025f8f2500
226udihozazohec.dll197632 bytesMD5: 8e4bd6bf49fa29c52b564f0c3255cfed
227wehebopa.dll50176 bytes
228dodohovo.dll107520 bytes
229uyefesujoxumu.dll182784 bytesMD5: f42cc970e73eaee3d6419c9be9ced491
230%ProgramFiles%\thc?????????
231jelayube.dll72861 bytes
232nevoputo.dll89600 bytes
233xydzyh.exe45056 bytes
234rdolib.dll30720 bytes
235kylo.exe116736 bytesMD5: 9393917d6f87dadf94d2ccaead23f380
236%TEMP%
237dizubure.dll66560 bytes
238pehuraba.dll88064 bytes
239vcnews.exe2784256 bytesMD5: c8009d121e537630ee9d97578c4249e8
240juriyuyi.dll50688 bytes
241oderobifamaves.dll181248 bytesMD5: bcb38a3af170849ed800813980c098c5
242dx8vb32.dll139264 bytes
243winmyy32.dll39424 bytes
244lopibeki.dll70144 bytes
245vupesasu.dll64512 bytesMD5: b5b5cc712268472c9e92b81f54a385c4
246dibawumi.dll89600 bytes
247aim remote.exe683520 bytes
248muyinepa.dll80896 bytes
249mafuyiha.dll106496 bytes
250%UserProfile%\bpph??????????
251juhalobo.dll109056 bytes
252%UserProfile%
253idumowapupiy.dll183296 bytesMD5: 039e2ad7866d29aa5751b3810fd015fc
254vopereso.dll49152 bytes
255zs880000[1].exe108032 bytes
256aboheraj.dll187904 bytesMD5: f9412fbd4707eca38cb794f439af6294
257potibubi.dll50176 bytes
2581361163109.exe991232 bytesMD5: 9fcf0e8c39b00227ba76a1bdaee25480
259%UserProfile%\Application Data\643f??????????
260reqi.exe116224 bytesMD5: fb482abc534c45584bfab8e7c621b2e6
261nuviyapi.dll49152 bytes
262Lxh.exe169472 bytesMD5: 9f4ab3be9eaba698dc0e0f7c73a95558
263kulo.exe118850 bytesMD5: 8a37ecc0344edbdcff843f01e4db160a
264baka6.exe144384 bytesMD5: c95ecdad9b7dabf9eb81b4cf50a1aa59
265lebenesa.dll78848 bytes
266uvumaxeqa.dll186368 bytesMD5: 1d2f7578eeee5cd17d39e57dd6de31b0
267%ProgramFiles%\pphc?????????
268delidubu.dll89600 bytes
269sujibiwi.dll50176 bytes
270penis.exe90112 bytes
271iqugumamu.dll183296 bytesMD5: 3a18d024f36469eed2cc3ef1e6648725
272omshtup.dll74752 bytesMD5: 5c4a9189143898c880c685baefe0949f
273srenum.sys36480 bytes
274afitegef.dll181248 bytesMD5: 561281ee46cf4df81d610382a80ec6aa
275oqifubeqixi.dll188416 bytesMD5: 611049af410f7421a4aa95dfaff83a06
276oyuwopoze.dll183296 bytesMD5: d49dfd4cf9dd4128c42423d2809f24dd
277%UserProfile%\Application Data
278uqogumamumuse.dll183808 bytesMD5: f9dbaec1d7f298488edd7340029f808d
279%SystemRoot%\System32\blphc?????????
280oviyukebicitaq.dll189952 bytesMD5: 26e0901133821a1a844fdf9f376a2220
281%UserProfile%\Application Data\lphc?????????
282rexsvc32.exe1735854 bytesMD5: 5b0a5c74d78559d8a7367c9719cd40e5
283miduyevu.dll89600 bytes
284bovekafu.dll89600 bytes
285%ProgramFiles%\blphc?????????
286%ProgramFiles%\643f??????????
287fechme.exe32768 bytes
288vabofoka.dll48128 bytes
289%UserProfile%\Application Data\rhc?????????
290csrcs.exe20480 bytesMD5: fb52692745918a67cbd7e9cc26982627
291ajuquqoqepoqu.dll179200 bytesMD5: 101c7b1219b42021916ee9f7b7836b23
292bawawaza.dll78848 bytes
293%UserProfile%\Application Data\blphc?????????
294vubabuku.dll48128 bytes
295nl6.exe1453056 bytes
296nahatona.dll106496 bytes
297svcchosst.exe101376 bytes
298irulusasiyuwam.dll178176 bytesMD5: 066db90be6f45540e15d1d928ab7f21d
299nl3.exe1891840 bytes
300fwtrtuqtssd.exe262144 bytesMD5: f3992fde36ff8e1ebb24d1e0f3cb95ea

Registry Modifications:

The following Registry Keys were created:

  • \YURD.exe
  • {0389E53C-62CF-4CD6-9F4E-955A740E4385}
  • \YUR2B.exe
  • SOFTWARE\Microsoft\Internet Explorer\Toolbar {8E21DC20-6E4E-42B3-9796-244EC9385CEF}
  • {E4785213-3EFE-4c26-A9B4-332440E31F6F}
  • SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run xqe6lJLnN1
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify cxqmyibm
  • Facegame
  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run servises
  • Sys1.exe
  • \YUR131.exe
  • Software\Microsoft\Windows\CurrentVersion kdksc.exe
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {0ba3e00d-b660-46e6-a2db-2672ee82dc98}
  • advap32
  • \YUR9.exe
  • Software\Microsoft\Internet Explorer\Explorer Bars {EB9539EB-598E-BCA7-3D4A-82F4F26E9738}
  • %windir%\system32\kdswe.exe
  • Captcha5
  • 515.tmp
  • GetPack21
  • \YURA.exe
  • \YURE.exe
  • C:\WINDOWS\System32\kdmsh.exe
  • \YUR2D.exe
  • {3BCF8450-D134-427E-AE9C-2A42CE8215CC}
  • memo site kind that
  • \YUR1.exe
  • FixCamera
  • \YURF.exe
  • Somefox
  • Cognac
  • \YUR30.exe
  • SerialsWorld
  • \YUR3.exe
  • {09E23F2C-ED1E-43FC-9AA1-1332162A35AE}
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad fsrpknov
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify __c0040F39
  • \YUR2.exe
  • \VIE2.exe
  • %windir%\System32\kdmsh.exe
  • \YUR4.exe
  • ptidle
  • bone thunk axis copy
  • Software\Microsoft\Internet Explorer\Explorer Bars {FCDEE81D-95A3-AE8A-D4FB-5A9FB8E32860}
  • Software\Microsoft\Windows\CurrentVersion kdid
  • {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {D3CCFAF7-DF03-4E73-95EC-E5E139CC2BF2}
  • \YUR2A.exe
  • \YURB.exe
  • penis.exe
  • {4D4DB474-8435-4FA1-8D91-512C0CE1E931}
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {C14E6230-757D-4246-81CE-B34E2940C722}
  • SmartMon
  • \Win11.exe
  • Sys2.exe
  • \YUR11.exe
  • \VIE5.exe
  • cont_mxlivemedia
  • {157627A6-2A10-4aa1-B97F-90B8DC6F24AC}
  • hlpproc
  • \YUR8.exe
  • Long Internet Team Stupid
  • \VIE3.exe
  • SOFTWARE\Microsoft\Internet Explorer\Toolbar {57776700-7BC8-47AC-B43E-99C24B015570}
  • \YUR2C.exe
  • \YUR12E.exe
  • BIND SUPPORT SEEK FIRST
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {B2BA40A2-74F0-42BD-F434-12345A2C8953}
  • \YUR5.exe
  • software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad xokvrpwg
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ssqPhEVM
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad rwlfsdmk
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad fdxbameg
  • Online Alert Manager
  • \YURC.exe
  • \YUR12F.exe
  • Software\Microsoft\Windows\CurrentVersion kdmsh.exe
  • GetPack19
  • vmdetdhc.exe
  • SOFTWARE\Microsoft\Internet Explorer\Toolbar {3B4EFB6A-06FD-40AC-B072-1FB7D1D456E8}
  • cokx
  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run andfor
  • \YUR13.exe
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify nnnkiGvV
  • xydzyh
  • \VIE2F.exe
  • \Win12.exe
  • \Win10.exe
  • ROAD ITCH AMOK PING
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {BB4C402F-882A-4526-8C08-51278EA437C1}
  • \YUR18.exe
  • C:\WINDOWS\system32\kdswe.exe
  • Sys3.exe
  • software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad tfnslopk
  • \VIE14.exe
  • \YUR12.exe
  • SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE gi985993737
  • Software\Microsoft\Internet Explorer\Explorer Bars {9CDB6E2A-B859-45BB-8F05-AF684301AB41}
  • \YUR10.exe
  • F5JMWNZTHI
  • Sys4.exe
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad xrdwbfgn
  • %windir%\System32\kdwls.exe
  • \Win14.exe
  • C:\WINDOWS\System32\kdwls.exe
  • \YUR20.exe
  • lljyn_df
  • Software\Microsoft\Internet Explorer\Explorer Bars {C2EC2654-52F0-3E63-9017-D0FA8FA79271}
  • \YUR130.exe
  • \Win13.exe
  • \YUR15.exe
  • \YUR14.exe
  • \YUR6.exe

Comments are closed.