Trojan.Ekstak
Posted: September 12, 2017
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 6,754 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 236,081 |
| First Seen: | September 12, 2017 |
|---|---|
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%ALLUSERSPROFILE%\lsid10015.exe
File name: lsid10015.exeSize: 1.11 MB (1118208 bytes)
MD5: 9dd5051b7b0eb0c0676f55057b6c05b2
Detection count: 375
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\btscservice\btscservice.exe
File name: btscservice.exeSize: 1.48 MB (1483992 bytes)
MD5: c97e6e4a1c87d6bc15d51509a5973a13
Detection count: 185
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\btscservice
Group: Malware file
Last Updated: October 3, 2018
%ALLUSERSPROFILE%\lsid25038.exe
File name: lsid25038.exeSize: 1.11 MB (1110720 bytes)
MD5: 98eb4915b82a1bdcdaaa277c18a43655
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid49472.exe
File name: lsid49472.exeSize: 1.11 MB (1110720 bytes)
MD5: 8265acba0f958ee979debb5048a9b2a3
Detection count: 33
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid40358.exe
File name: lsid40358.exeSize: 1.03 MB (1036288 bytes)
MD5: 0aca6e95c2f52ac4076e0061ae9599c7
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid11092.exe
File name: lsid11092.exeSize: 1.11 MB (1110720 bytes)
MD5: 4d427c31dec5e1e213527b6871023382
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid16037.exe
File name: lsid16037.exeSize: 1.11 MB (1118208 bytes)
MD5: ce32207dcf31bb60445d5176ec33f5f0
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid9247.exe
File name: lsid9247.exeSize: 1.1 MB (1105920 bytes)
MD5: 1d00588cd8dbc3291d7e9716defabcca
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid38160.exe
File name: lsid38160.exeSize: 1.03 MB (1036288 bytes)
MD5: 30fbe4cf3a42afff4291a72444ea6b3e
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid16569.exe
File name: lsid16569.exeSize: 1.1 MB (1105920 bytes)
MD5: 2c505bcc82683afe7afbe20b73775a6a
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid40201.exe
File name: lsid40201.exeSize: 1.03 MB (1032192 bytes)
MD5: 266b65a47e00539150c7fc976570836d
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid4273.exe
File name: lsid4273.exeSize: 1.03 MB (1032192 bytes)
MD5: 356e5289ca51fe895a94d4270d9d6aed
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid54053.exe
File name: lsid54053.exeSize: 1.03 MB (1036288 bytes)
MD5: f290786ae4435c61195ed8db5f52b115
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid30300.exe
File name: lsid30300.exeSize: 1.03 MB (1032192 bytes)
MD5: b55a58160b8c6c579492b58643fc9ad1
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid29267.exe
File name: lsid29267.exeSize: 1.03 MB (1032192 bytes)
MD5: 794dc48c78acb850fb79d311d0b2117e
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid37460.exe
File name: lsid37460.exeSize: 1.04 MB (1040384 bytes)
MD5: f6b792175a34510c8886380ea9e8453f
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid34534.exe
File name: lsid34534.exeSize: 1.03 MB (1032192 bytes)
MD5: 4aa182ef2504dddd7e9d1c8441a9c9a4
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid14324.exe
File name: lsid14324.exeSize: 1.03 MB (1036288 bytes)
MD5: 3076a7df2e2bf7becd873f04d3b9b85e
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\lsid57096.exe
File name: lsid57096.exeSize: 1.11 MB (1110720 bytes)
MD5: cd955e65265d842e292a34b7f889c04a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: September 12, 2017
%ALLUSERSPROFILE%\Anwendungsdaten\lsid923.exe
File name: lsid923.exeSize: 1.03 MB (1032192 bytes)
MD5: 72935090baedbb804298af84ca2c97ac
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Anwendungsdaten
Group: Malware file
Last Updated: September 12, 2017
More files
Registry Modifications
The following newly produced Registry Values are:
Regexp file mask%ALLUSERSPROFILE%\Application Data\betaservice\betaservice.exe%ALLUSERSPROFILE%\Application Data\localnetservice\localnetservice.exe%ALLUSERSPROFILE%\Application Data\WinSx[RANDOM CHARACTERS].exe%ALLUSERSPROFILE%\betaservice\betaservice.exe%ALLUSERSPROFILE%\c{0,1}lsid[NUMBERS].exe%ALLUSERSPROFILE%\KeService.exe%ALLUSERSPROFILE%\localnetservice\localnetservice.exe%ALLUSERSPROFILE%\SecureIM.exe%ALLUSERSPROFILE%\vshub.exe%ALLUSERSPROFILE%\WinSx[RANDOM CHARACTERS].exeHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}dahiService
Regexp file mask%ALLUSERSPROFILE%\Application Data\betaservice\betaservice.exe%ALLUSERSPROFILE%\Application Data\localnetservice\localnetservice.exe%ALLUSERSPROFILE%\Application Data\WinSx[RANDOM CHARACTERS].exe%ALLUSERSPROFILE%\betaservice\betaservice.exe%ALLUSERSPROFILE%\c{0,1}lsid[NUMBERS].exe%ALLUSERSPROFILE%\KeService.exe%ALLUSERSPROFILE%\localnetservice\localnetservice.exe%ALLUSERSPROFILE%\SecureIM.exe%ALLUSERSPROFILE%\vshub.exe%ALLUSERSPROFILE%\WinSx[RANDOM CHARACTERS].exeHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}dahiService
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\Application Data\btscService%ALLUSERSPROFILE%\Application Data\cpafService%ALLUSERSPROFILE%\Application Data\dagfservice%ALLUSERSPROFILE%\Application Data\dahcService%ALLUSERSPROFILE%\Application Data\dahhService%ALLUSERSPROFILE%\Application Data\dahiService%ALLUSERSPROFILE%\Application Data\dahjService%ALLUSERSPROFILE%\Application Data\dahkService%ALLUSERSPROFILE%\Application Data\ellfService%ALLUSERSPROFILE%\aaagService%ALLUSERSPROFILE%\btscService%ALLUSERSPROFILE%\cpafService%ALLUSERSPROFILE%\dadzService%ALLUSERSPROFILE%\daflService%ALLUSERSPROFILE%\dafwservice%ALLUSERSPROFILE%\dagcService%ALLUSERSPROFILE%\dagfservice%ALLUSERSPROFILE%\daggservice%ALLUSERSPROFILE%\daglService%ALLUSERSPROFILE%\dagoService%ALLUSERSPROFILE%\dahaService%ALLUSERSPROFILE%\dahcService%ALLUSERSPROFILE%\dahhService%ALLUSERSPROFILE%\dahiService%ALLUSERSPROFILE%\dahjService%ALLUSERSPROFILE%\dahkService%ALLUSERSPROFILE%\ellfService%PROGRAMFILES(x86)%\ViewFD%programfiles%\ViewFD
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.