TrojanDownloader:Win32/Kolilks.B

TrojanDownloader:Win32/Kolilks.B is designed to communicate with a remote server in order to download and install malware onto a victim's computer. TrojanDownloader:Win32/Kolilks.B may access a victim's system via unsolicited e-mails or browser security holes. TrojanDownloader:Win32/Kolilks.B may also affect the operation of your system, as it allows harmful programs to manipulate your system and steal your private information. It is recommended to remove TrojanDownloader:Win32/Kolilks.B if detected.

File System Details

TrojanDownloader:Win32/Kolilks.B may create the following file(s):
# File Name
1. c:\G3KRMCTQ3ETS.EXE
2. %Windir%\uxdrqmlpfpxnfyc.dll
3. %ProgramFiles%\FN8WU\OOGF0EI4UO.scr
4. c:\g3krmctq3ets.exe.lnk
5. %ProgramFiles%\FN8WU\KV1KBT.scr
6. %Windir%\UXDRQMLPFPXNFYC.txt

Registry Details

TrojanDownloader:Win32/Kolilks.B may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\TypeLib]
(Default) = "%Windir%\uxdrqmlpfpxnfyc.dll"
(Default) = "xunlei Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Thunder.xunlei.1]
(Default) = "Thunder.xunlei"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}]
(Default) = "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\VersionIndependentProgID]
(Default) = "{97EFC6B7-C73A-423E-8458-82C589CA7E3B}"
ThreadingModel = "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11D9AE74-3FC1-41D6-911B-F5F503BBD8FE}\ProxyStubClsid]
