HackTool.Win32.Crypt.nq

Posted: May 11, 2011

HackTool.Win32.Crypt.nq is a malicious computer infection that is disguised to behave like a legitimate spyware removal tool. HackTool.Win32.Crypt.nq is able to capture all user keystrokes, including personal information such as login numbers, passwords and credit card details. HackTool.Win32.Crypt.nq may allow unauthorized access to personal data and hard drive information, with a serious possibility of irretrievable data loss and unstable computer performance. Remove HackTool.Win32.Crypt.nq before it damages your computer system.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\internet explorer\iexplore.exe
    2 %ProgramFiles%\internet explorer\random.exe
    3 %System%\svchost.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Coffin Of Evil
    HKEY_CURRENT_USER\Software\SpyNet
    HKEY_LOCAL_MACHINE\SOFTWARE\Coffin Of Evil
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}
    [HKEY_CURRENT_USER\Software\Coffin Of Evil]
        FirstExecution = "10/05/2011 -- 17:38"
        FileName = "Dlzcs1JtFiFdifAOxfQDRfRiNilV2Goc10ZLLwr31wLX"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        memo = "%System%\memo\memo.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}]
        StubPath = "%System%\memo\memo.exe Restart"
    HKEY..\..\..\..{RegistryKeys}
        HKCU = "tBWJGA"
        HKLM = "tBWJMoJ"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        memeo = "%System%\memo\memo.exe"