Trojan.Andromeda

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	1,487
Threat Level:	80 % (High)
Infected Computers:	70,806

First Seen:	January 16, 2013
Last Seen:	December 11, 2025
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.Andromeda

File System Details

Trojan.Andromeda may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	temp2924814056.exe	12224b26a4621d48c5b14b3ef59d677e	252
Name: temp2924814056.exe MD5: 12224b26a4621d48c5b14b3ef59d677e Size: 1.08 MB (1089897 bytes) Detections: 252 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
2.	temp325040394.exe	7df8d128456318415b6da7babdda2da9	111
Name: temp325040394.exe MD5: 7df8d128456318415b6da7babdda2da9 Size: 1.08 MB (1085423 bytes) Detections: 111 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: May 18, 2020
3.	ccpneudb.scr	b034f422ca749d7f437dadd6793150a9	60
Name: ccpneudb.scr MD5: b034f422ca749d7f437dadd6793150a9 Size: 118.93 KB (118935 bytes) Detections: 60 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
4.	temp2530652380.exe	cdab5e84205d8780e3f3937deba00aee	42
Name: temp2530652380.exe MD5: cdab5e84205d8780e3f3937deba00aee Size: 1.48 MB (1485824 bytes) Detections: 42 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
5.	temp2368817904.exe	7b82352cab21783225a2e4adc10372e5	32
Name: temp2368817904.exe MD5: 7b82352cab21783225a2e4adc10372e5 Size: 1.08 MB (1089836 bytes) Detections: 32 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
6.	msusia.exe	58813340f64d8fb3d2c9eb979a7c1789	28
Name: msusia.exe MD5: 58813340f64d8fb3d2c9eb979a7c1789 Size: 311.29 KB (311296 bytes) Detections: 28 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
7.	ccswdb.exe	ec62d054a4c985a1692026e0ae03f9c4	27
Name: ccswdb.exe MD5: ec62d054a4c985a1692026e0ae03f9c4 Size: 123.46 KB (123463 bytes) Detections: 27 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
8.	temp4070005724.exe	a7e2fee0619d516415cc8d168bb87815	26
Name: temp4070005724.exe MD5: a7e2fee0619d516415cc8d168bb87815 Size: 1.08 MB (1089434 bytes) Detections: 26 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
9.	ccyyhqvc.com	6b8127ac97a215ef0d33ca414b32c098	25
Name: ccyyhqvc.com MD5: 6b8127ac97a215ef0d33ca414b32c098 Size: 135.18 KB (135189 bytes) Detections: 25 Type: Command, executable file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
10.	temp1523121008.exe	597d39e4e83a1b9c73fdf13669bfd060	24
Name: temp1523121008.exe MD5: 597d39e4e83a1b9c73fdf13669bfd060 Size: 1.09 MB (1098315 bytes) Detections: 24 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
11.	ccraukcas.exe	a7a578066f965cd2690e379feefe3008	23
Name: ccraukcas.exe MD5: a7a578066f965cd2690e379feefe3008 Size: 112.37 KB (112372 bytes) Detections: 23 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
12.	Roaming/cppredistx86.exe	51ebf4ba41cf212b8b204014170f7a74	21
Name: Roaming/cppredistx86.exe MD5: 51ebf4ba41cf212b8b204014170f7a74 Size: 365.28 KB (365288 bytes) Detections: 21 Type: Executable File Path: C:\Users\<username>\AppData\Roaming/cppredistx86.exe Group: Malware file Last Updated: January 30, 2023
13.	ccinoy.exe	4e4248ffb4f0fe25ecc4c5311f656828	18
Name: ccinoy.exe MD5: 4e4248ffb4f0fe25ecc4c5311f656828 Size: 112.88 KB (112887 bytes) Detections: 18 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
14.	msuwybt.com	0b459f0b0d947595b4a671dddf815b66	18
Name: msuwybt.com MD5: 0b459f0b0d947595b4a671dddf815b66 Size: 30.4 MB (30408704 bytes) Detections: 18 Type: Command, executable file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
15.	temp2592084110.exe	eb2b8e97e1afbd9bcd91c781fd30fafe	18
Name: temp2592084110.exe MD5: eb2b8e97e1afbd9bcd91c781fd30fafe Size: 1.08 MB (1088686 bytes) Detections: 18 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
16.	cchayar.bat	3d57c8d21282f2788eb3db832bebdc1a	16
Name: cchayar.bat MD5: 3d57c8d21282f2788eb3db832bebdc1a Size: 131.05 KB (131051 bytes) Detections: 16 Type: Batch file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
17.	ccrzouca.bat	18e8dd34e2ed80572cdc78e327c24d29	16
Name: ccrzouca.bat MD5: 18e8dd34e2ed80572cdc78e327c24d29 Size: 99.06 KB (99060 bytes) Detections: 16 Type: Batch file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
18.	cctmzwavu.pif	bc2bb280235e1ded6deed08ea4dac91a	14
Name: cctmzwavu.pif MD5: bc2bb280235e1ded6deed08ea4dac91a Size: 155.29 KB (155296 bytes) Detections: 14 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
19.	ccyilayi.pif	c0362c9322ebbdf88cb91385d2f6a821	12
Name: ccyilayi.pif MD5: c0362c9322ebbdf88cb91385d2f6a821 Size: 104.43 KB (104430 bytes) Detections: 12 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
20.	temp1893493066.exe	0bdb2ba4619467fd6c2a6f80423de1a8	12
Name: temp1893493066.exe MD5: 0bdb2ba4619467fd6c2a6f80423de1a8 Size: 1.08 MB (1085887 bytes) Detections: 12 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
21.	ccyauaq.bat	51debec08573433e2555f0062d12f9cc	7
Name: ccyauaq.bat MD5: 51debec08573433e2555f0062d12f9cc Size: 198.65 KB (198656 bytes) Detections: 7 Type: Batch file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
22.	ccoqixp.bat	ff137df1eaa514ff5dea3555a78c7dc0	6
Name: ccoqixp.bat MD5: ff137df1eaa514ff5dea3555a78c7dc0 Size: 190.85 KB (190856 bytes) Detections: 6 Type: Batch file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
23.	buddypress.exe	ca806b09ee4f1eb5cf0846a556fbb1f3	4
Name: buddypress.exe MD5: ca806b09ee4f1eb5cf0846a556fbb1f3 Size: 196.6 KB (196608 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Buddy_witness Group: Malware file Last Updated: March 27, 2018
24.	Roaming/Microsoft/Skype.exe	536e46d1fcfeb3469c5b2e2bda475e95	4
Name: Roaming/Microsoft/Skype.exe MD5: 536e46d1fcfeb3469c5b2e2bda475e95 Size: 846.33 KB (846336 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
25.	Roaming/microsoft/windows/usernet.exe	fb8da7a72c10ba72fbdc2c1acc93f7fd	3
Name: Roaming/microsoft/windows/usernet.exe MD5: fb8da7a72c10ba72fbdc2c1acc93f7fd Size: 372.73 KB (372736 bytes) Detections: 3 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming/microsoft/windows/usernet.exe Group: Malware file Last Updated: June 26, 2020
26.	roaming/microsoft/network/connections/hostsvcdl.exe	7e165b5bf1e57c2129ab093b95e1aaa7	2
Name: roaming/microsoft/network/connections/hostsvcdl.exe MD5: 7e165b5bf1e57c2129ab093b95e1aaa7 Size: 1.15 MB (1158144 bytes) Detections: 2 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata Group: Malware file Last Updated: July 5, 2019
27.	file.exe	16f553bf68aca4b0bfb8bcf9ab1929d7	1
Name: file.exe MD5: 16f553bf68aca4b0bfb8bcf9ab1929d7 Size: 173.02 KB (173024 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: October 24, 2025

More files

Registry Details

Trojan.Andromeda may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\Microsoft\Skype.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs

%LOCALAPPDATA%\teamviever_tr.exe

%temp%\temp[NUMBERS].exe

%Windir%\Skypee\skypee.exe

%WINDIR%\System32\Tasks\alFSVWJB

%WINDIR%\Tasks\alFSVWJB.job

HKEY..\..\..\..{RegistryKeys}

Software\alFSVWJB

Software\Microsoft\Windows\CurrentVersion\Run\action_extend

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buddy-telephone

Directories

Trojan.Andromeda may create the following directory or directories:

%APPDATA%\Buddy_witness

%APPDATA%\alFSVWJB

%LOCALAPPDATA%\Action-tend

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Andromeda

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Andromeda

File System Details

Registry Details

Directories

Submit Comment

Trending

Install Daddy Browser Champion Split Test

Trojan.Rugmi.FK

Backdoor.Bifrose.O

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen