
Suspect-AB!B8591568163C

Posted: February 23, 2011

The Suspect-AB!B8591568163C Trojan is known to disable security programs, and Windows components such as Windows Update, that are required for the safe use of your computer. In addition to harming your security, Suspect-AB!B8591568163C may also alter system executables, corrupt files and information on your system, create pop-up error messages and open an IRC backdoor for remote attackers. Since these problems become harder to fix the longer the infection is allowed to remain, deleting Suspect-AB!B8591568163C should happen right away whenever you suspect it is present on your hard drive.

An Infection with Diverse Designs of Assault

It can be difficult to figure out all the damage Suspect-AB!B8591568163C is capable of doing, simply because it is capable of quite a lot. Any system infected by Suspect-AB!B8591568163C will suffer some, or possibly even all, of the following harm:

  • Topping the list of probable attacks is the disabling of important security programs. Your firewall settings are likely to be weakened, and your anti-malware scanners shut down. Even components central to Windows, like Windows Update, are very likely to be blocked while Suspect-AB!B8591568163C is on the system.
  • As a Trojan, Suspect-AB!B8591568163C may also download and run files without your consent. Files dropped by Suspect-AB!B8591568163C and similar infections are predominantly additional malware that can damage your system further.
  • Some reports indicate that Suspect-AB!B8591568163C can also create pop-up messages. Be careful not to mistake messages generated by Suspect-AB!B8591568163C or another Trojan for genuine alerts from your operating system or security programs.
  • Suspect-AB!B8591568163C may be able to spread through local networks if the proper security precautions aren't taken.
  • Suspect-AB!B8591568163C has also been cited in cases where systems were left with a backdoor: it may connect to attackers over IRC without the permission of the system's user, opening the machine to remote control.
  • Suspect-AB!B8591568163C and related infections have been confirmed to produce outbound traffic. This indicates that the Trojan can send information from your computer to unknown third parties, including passwords and identity credentials.
  • Suspect-AB!B8591568163C changes your registry without permission. The purpose is to make Suspect-AB!B8591568163C start automatically, without your knowledge, every time you boot the computer normally; the autostart locations it touches are listed under Registry Modifications below.
  • Perhaps most dangerously of all, Suspect-AB!B8591568163C has been observed modifying system .exe files without permission. This may be done to overwrite those files with its own body, or simply to corrupt them and disable your operating system. Serious damage can result, and you may end up needing a full system repair or restore.

Raising Your Defenses Before It's Too Late

To fight Suspect-AB!B8591568163C before it does irreparable harm to your system, you are strongly encouraged to keep an up-to-date anti-malware program running. Rebooting into Safe Mode will usually allow you to run such programs without the infection shutting them down, but in some cases stronger measures, such as scanning the drive from a clean boot environment where the Trojan is not running at all, may be required.

Under no circumstances should you simply live with Suspect-AB!B8591568163C on your machine. Even a cursory look at this Trojan's capabilities shows that it can inflict immense damage on your system. Delete Suspect-AB!B8591568163C quickly and you will most likely avoid any harm that can't be repaired.

File System Modifications

  • The following files were created in the system:
    %AppData%\kfrf.exe
    %AppData%\klybl.exe
    %AppData%\wnx.exe
    %AppData%\ydmb.exe
    %AppData%\zorrb.exe
    %FontsDir%\services.exe
    %Windir%\svc2.exe
    %System%\nwcwks.dll
    %Windir%\Tasks\fbagent.job
    %Temp%\ fb_spam_ab4.exe
    %Windir%\Temp\ fb_spam_ab4.exe
    %Temp%\ res_ab4.exe
    %Windir%\Temp\ res_ab4.exe
    %Temp%\ main.exe
    %Windir%\Temp\ main.exe
    %Temp%\34byl.exe
    %Windir%\Temp\34byl.exe
    %Temp%\o6jv.exe
    %Windir%\Temp\o6jv.exe
    %Temp%\egbscxmj.exe
    %Temp%\swu2eotu.exe
    %Windir%\Temp\o56ou3m0.exe
    %Windir%\Temp\3totenmx0.exe
    %Windir%\Temp\gsaalega.exe
    %Windir%\Temp\tyjss3572.exe
    %Temp%\5xb4y8f33.bat
    %Temp%\leslfovk.bat
    %Windir%\Temp\xvjpdivbuy.bat
    %Temp%\9cho4.log
    %Windir%\Temp\9cho4.log
    %Temp%\14.tmp
    %Temp%\15.tmp
    %Windir%\Temp\4.tmp
    %Windir%\Temp\5.tmp
    %Windir%\Temp\9.tmp
    %Windir%\Temp\13.tmp
    %Windir%\Temp\16.tmp
    %Windir%\Temp\1.jpg
    %Windir%\Temp\2.jpg
    %Windir%\Temp\index.html
    c:\2.txt

Registry Modifications

  • The following Registry keys were newly created:
    Subkeys:
      HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
      HKEY_LOCAL_MACHINE\SOFTWARE\facebook
      HKEY_LOCAL_MACHINE\SOFTWARE\twitter
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000
      HKEY_USERS\.DEFAULT\Software\Microsoft\IEAK
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Connection Wizard
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows
      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
      HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
      HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
      HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext
      HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
      HKEY_USERS\.DEFAULT\Software\systems
    Registry keys:
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Enum
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Security
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Enum
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Parameters
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Security
    Run keys:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute
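The following read-only triage script is an added example, not part of the original write-up and not published by the vendor that named this detection. It checks a Windows host for the file and registry artifacts listed above, looks at what the NWCWorkstation service actually loads, and reports the state of the defences the Trojan is said to switch off. Several things in it are assumptions: the mapping of %FontsDir% and %System% to the Fonts and System32 folders, the service names checked (wuauserv, SharedAccess, MpsSvc, wscsvc), and the treatment of the stray space in table entries such as "%Temp%\ fb_spam_ab4.exe" as an extraction artifact. The generic numbered .tmp and .jpg files and index.html are left out because those names mean nothing on their own.

```powershell
# Added triage script for the artifacts listed in this write-up (not the vendor's code).
# Read-only: it reports findings, it deletes nothing. Run from an elevated Windows
# PowerShell prompt; Get-WmiObject is used so it also runs on older hosts.

$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[string]

# Expand the page's placeholders. %AppData%, %Temp% and %Windir% come from the
# environment; %FontsDir% and %System% are ASSUMED to be the standard locations.
$map = @{
    '%AppData%'  = $env:APPDATA
    '%Temp%'     = $env:TEMP
    '%Windir%'   = $env:WINDIR
    '%FontsDir%' = Join-Path $env:WINDIR 'Fonts'
    '%System%'   = Join-Path $env:WINDIR 'System32'
}
function Expand-Placeholder([string]$Path) {
    foreach ($k in $map.Keys) { $Path = $Path.Replace($k, $map[$k]) }
    return $Path
}

# 1. Dropped files, copied from the "File System Modifications" list above.
#    The stray space in entries like "%Temp%\ main.exe" is ASSUMED to be an artifact.
$files = @(
    '%AppData%\kfrf.exe', '%AppData%\klybl.exe', '%AppData%\wnx.exe', '%AppData%\ydmb.exe',
    '%AppData%\zorrb.exe', '%FontsDir%\services.exe', '%Windir%\svc2.exe', '%System%\nwcwks.dll',
    '%Windir%\Tasks\fbagent.job', '%Temp%\fb_spam_ab4.exe', '%Temp%\res_ab4.exe', '%Temp%\main.exe',
    '%Windir%\Temp\fb_spam_ab4.exe', '%Windir%\Temp\res_ab4.exe', '%Windir%\Temp\main.exe',
    '%Temp%\34byl.exe', '%Windir%\Temp\34byl.exe', '%Temp%\o6jv.exe', '%Windir%\Temp\o6jv.exe',
    '%Temp%\egbscxmj.exe', '%Temp%\swu2eotu.exe', '%Windir%\Temp\o56ou3m0.exe',
    '%Windir%\Temp\3totenmx0.exe', '%Windir%\Temp\gsaalega.exe', '%Windir%\Temp\tyjss3572.exe',
    '%Temp%\5xb4y8f33.bat', '%Temp%\leslfovk.bat', '%Windir%\Temp\xvjpdivbuy.bat',
    '%Temp%\9cho4.log', '%Windir%\Temp\9cho4.log', 'c:\2.txt'
)
foreach ($f in $files) {
    $p = Expand-Placeholder $f
    if (Test-Path -LiteralPath $p) {
        $i = Get-Item -LiteralPath $p
        $findings.Add(("FILE     {0}  ({1} bytes, modified {2:u})" -f $p, $i.Length, $i.LastWriteTime))
    }
}

# 2. Registry keys from the "Registry Modifications" list. HKEY_USERS is not mounted
#    as a PowerShell drive by default, so map it first.
if (-not (Get-PSDrive HKU)) { New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null }
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Tbsolute',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKU:\.DEFAULT\Software\systems'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings.Add("REGKEY   $k")
        # policies\Explorer\Run is a legitimate autostart location; list its entries
        # so the operator can judge them rather than treating the key itself as bad.
        if ($k -like '*\policies\Explorer\Run') {
            (Get-ItemProperty -LiteralPath $k).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { $findings.Add("  autorun  $($_.Name) = $($_.Value)") }
        }
    }
}

# 3. The NWCWorkstation service. That service name also belongs to the legitimate
#    "Client Service for NetWare" on XP/2003, whose DLL is nwwks.dll, so the key alone
#    proves nothing; what matters is which binary it loads. nwcwks.dll is the name
#    listed in the file table above.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NWCWorkstation'
if (Test-Path -LiteralPath $svcKey) {
    $img = (Get-ItemProperty -LiteralPath $svcKey).ImagePath
    $dll = (Get-ItemProperty -LiteralPath "$svcKey\Parameters").ServiceDll
    $findings.Add("SERVICE  NWCWorkstation ImagePath=$img ServiceDll=$dll")
    if ("$img $dll" -match 'nwcwks\.dll') {
        $findings.Add('  -> loads nwcwks.dll, matching the artifact listed above')
    }
}

# 4. State of the defences the write-up says get switched off. SharedAccess is the
#    Windows Firewall/ICS service on XP, MpsSvc on Vista and later, wscsvc is Security
#    Center, wuauserv is Windows Update (service names are an assumption of this script).
foreach ($name in 'wuauserv', 'SharedAccess', 'MpsSvc', 'wscsvc') {
    $w = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($w) { $findings.Add(("DEFENCE  {0,-12} state={1,-8} startmode={2}" -f $name, $w.State, $w.StartMode)) }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

Because the Trojan is described as killing security tools, run this after booting into Safe Mode, as the write-up itself advises, or from a clean boot environment; a "Stopped" or "Disabled" result in the DEFENCE lines is itself a signal worth recording before remediation, since a repair that only deletes files will leave those services off.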