Trojan-PWS.Magania.BDU
Trojan-PWS.Magania.BDU is a dangerous parasite that is able to monitor activity via online gaming. Trojan-PWS.Magania.BDU may record keystrokes and then allow a remote attacker to obtain the information, compromising personal data. Trojan-PWS.Magania.BDU has proven difficult to remove manually.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %CommonAppData%\t\a2193.dat |
| 2 | %CommonAppData%\t\b2193.dat |
| 3 | %CommonAppData%\t\k2193.dat |
| 4 | %CommonAppData%\t\p2193.dat |
| 5 | %ProgramFiles%\Common Files\System\admin.obj |
| 6 | %ProgramFiles%\Common Files\System\q06.exe |
| 7 | %ProgramFiles%\Common Files\System\q08.exe |
| 8 | %ProgramFiles%\Common Files\System\q19.exe |
| 9 | %ProgramFiles%\Common Files\System\q22.exe |
| 10 | %ProgramFiles%\Common Files\System\q27.exe |
| 11 | %ProgramFiles%\Common Files\System\q29.exe |
| 12 | %ProgramFiles%\Common Files\System\q30.exe |
| 13 | %ProgramFiles%\MSN\MsnInstaller\ws2help.dll |
| 14 | %ProgramFiles%\WinPcap\ws2help.dll |
| 15 | %System%\7i79.exe |
| 16 | %System%\f7rb.dll |
| 17 | %Temp%\102944259.log |
| 18 | %Temp%\hfkz\b.dll |
| 19 | %Temp%\hfkz\s.exe |
| 20 | %Temp%\usrinit_t.exe |
| 21 | %Windir%\92b7.flv |
| 22 | %Windir%\e7df.exe |
| 23 | %Windir%\Temp\Temporary Internet Files\Content.IE5\BL7ELAW5\bl[1].y |
| 24 | %Windir%\Temp\Temporary Internet Files\Content.IE5\SN0SQ0GZ\ut_NO[1].y |
Registry Modifications
- The following Registry values were newly created: