Trojan.Tooso
Trojan.Tooso is a Trojan that interferes with security programs by terminating processes, blocking services, and deleting registry entries and system files. It adds a startup registry entry so that it runs every time Windows starts. Trojan.Tooso also downloads malicious files and blocks security software from running. You should remove Trojan.Tooso with a dependable anti-malware program.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

%System%\winshost.exe
File name: %System%\winshost.exe
File type: Executable File
Mime Type: unknown/exe

%System%\wiwshost.exe
File name: %System%\wiwshost.exe
File type: Executable File
Mime Type: unknown/exe

%System%\hldrrr.exe
File name: %System%\hldrrr.exe
File type: Executable File
Mime Type: unknown/exe

%Windir%\exefld
File name: %Windir%\exefld

%Documents and Settings\%All Users\Application Data\[RANDOM CHARACTERS].exe
File name: %Documents and Settings\%All Users\Application Data\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

%Temp%\[RANDOM CHARACTERS].dll
File name: %Temp%\[RANDOM CHARACTERS].dll
File type: Dynamic link library
Mime Type: unknown/dll
Registry Modifications
The following registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Value:"hldrrr" = "%System%\hldrrr.exe"
HKEY_CURRENT_USER\Software\FirstRRRun\FirstRR1232Run = 0x00000001