Suspicious.MH690 Description

The presence of Suspicious.MH690 on your computer may indicate that specific files are a potential or unknown computer threat. Suspicious.MH690 may have keylogger characteristics and steal victims’ confidential details. Suspicious.MH690 may also give remote attackers access to a compromised machine, allowing for the additional download of malware. Should you detect Suspicious.MH690 on your computer, use a legitimate security program to verify its legitimacy.

Type: Trojans

Aliases: Keylog-Perfect.dldr (McAfee)
, not-a-virus:Monitor.Win32.Perflogger.cb (Kaspersky Lab)
, Mal/Generic-A (Sophos)
, TrojanDownloader:Win32/Agent.FZ (Microsoft).

Automatic Detection of Suspicious.MH690

Suspicious.MH690 Technical Report

As new Suspicious.MH690 details are reported by our customers and findings from our Threat Research Center, we will update this section.

Suspicious.MH690’s Country of Origin:

• China

Suspicious.MH690 has typically the following processes in memory:

• %AppData%\cftmon.exe
• %AppData%\file.exe
• %AppData%\lsas.exe
• %AppData%\microsoft\lsass.exe
• %AppData%\ptssvc.exe
• %AppData%\services.exe
• %AppData%\taskeng.exe
• %CommonAppData%\11511564\11511564.exe
• %CommonAppData%\11615154\11615154.exe
• %CommonAppData%\11944534\11944534.exe
• %CommonAppData%\12152184\12152184.exe
• %CommonPrograms%\startup\iexplorer.exe
• %CommonPrograms%\startup\svchost.exe
• %FontsDir%\conime.exe
• %FontsDir%\smss.exe
• %LocalSettings%\tempservices.exe
• %ProgramFiles%\bifrost\icop.exe
• %ProgramFiles%\common files\svchost.exe
• %ProgramFiles%\common files\xsafe.exe
• %ProgramFiles%\flash_8.exe
• %ProgramFiles%\ipuser\topic.exe
• %ProgramFiles%\microsft wind\123.exe
• %ProgramFiles%\miniie\miniie_update.exe
• %ProgramFiles%\qvod.exe
• %ProgramFiles%\rlpack\rlpack.exe
• %ProgramFiles%\stoppuhr\stoppuhr.exe
• %ProgramFiles%\systam.exe
• %ProgramFiles%\webalta\webaltaupdaterservice.exe
• %ProgramFiles%\windows nt\services.exe
• %ProgramFiles%\winrar\winrde.exe
• %ProgramFiles%\xp activation crack\xpcrack.exe
• %Programs%\startup\winupdate.exe
• %System%\1.exe
• %AppData%\bifrost\server.exe
• %AppData%\event.exe
• %AppData%\inetinfo.exe
• %AppData%\microsoft\csrss.exe
• %AppData%\microsoft\winlog.exe
• %AppData%\service.exe
• %AppData%\svchost.exe
• %AppData%\winspools.exe
• %CommonAppData%\11615004\11615004.exe
• %CommonAppData%\11658434\11658434.exe
• %CommonAppData%\11962034\11962034.exe
• %CommonAppData%\2deb8\sm064.exe
• %CommonPrograms%\startup\mtr.exe
• %FontsDir%\alg.exe
• %FontsDir%\note.exe
• %FontsDir%\unwise_.exe
• %ProgramFiles%\avira\avira.exe
• %ProgramFiles%\common files\safesys.exe
• %ProgramFiles%\common files\system\ieupdates.exe
• %ProgramFiles%\eset\egui.exe
• %ProgramFiles%\hgzserver\svch0st.exe
• %ProgramFiles%\messenger\server.exe
• %ProgramFiles%\microsoft common\wuauclt.exe
• %ProgramFiles%\personal guard 2009\personalguard.exe
• %ProgramFiles%\r_server\slsvc.exe
• %ProgramFiles%\sss.exe
• %ProgramFiles%\sys123\lol.exe
• %ProgramFiles%\ts-2009\scan.exe
• %ProgramFiles%\windefender\windef.exe
• %ProgramFiles%\winrar\update.exe
• %ProgramFiles%\wndooz\no.exe
• %Programs%\startup\userinit.exe
• %System%\090520-8-2.exe
• %AppData%\accey.exe
• %AppData%\csrss.exe
• %AppData%\iexpress\bin\iexpressr.exe
• %AppData%\lsass.exe
• %AppData%\microsoft\smss.exe
• %AppData%\s03-7323-geynawt-2623-tgaw\winlogon.exe
• %AppData%\smss.exe
• %AppData%\winlogon.exe
• %CommonAppData%\11614374\11614374.exe
• %CommonAppData%\11616094\11616094.exe
• %CommonAppData%\11959844\11959844.exe
• %CommonAppData%\12173904\12173904.exe
• %CommonPrograms%\startup\jvm0.exe
• %CommonPrograms%\startup\sys_aupdate.exe
• %FontsDir%\lsass.exe
• %FontsDir%\timpiatform.exe
• %ProgramFiles%\aggress\doorway generator\aggressdoorgen.exe
• %ProgramFiles%\bifrost\server.exe
• %ProgramFiles%\common files\sysanti.exe
• %ProgramFiles%\downfile\coopenad.exe
• %ProgramFiles%\gene6 ftp server\g6ftptray.exe
• %ProgramFiles%\java\jre1.6.0_06\bin\javas.exe
• %ProgramFiles%\microsoft common\svchost.exe
• %ProgramFiles%\mx one\updater.exe
• %ProgramFiles%\r\rr.exe
• %ProgramFiles%\smart protector\smartprotector.exe
• %ProgramFiles%\suda\coopenad.exe
• %ProgramFiles%\system32\system32.exe
• %ProgramFiles%\websrvx\websrvx.exe
• %ProgramFiles%\winfiles\explorer.exe
• %ProgramFiles%\winrar\winzip.exe
• %Programs%\startup\smss.exe
• %System%\_os.exe
• %System%\1\1.exe

Important Article Disclaimer