Trojan.Kryptik

Trojan.Kryptik Description

Type: Trojan

Trojan.Kryptik is a Trojan horse. It can load at startup and recreate itself, which makes it difficult to remove manually from the infected computer. Trojan.Kryptik can compromise the infected system by allowing a remote hacker to gain access without the user's permission or knowledge. It can also lead to infection by other, unknown malware.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG MSIL6.EHL
Fortinet MSIL/Kryptik.AQZ!tr
Ikarus Trojan.MSIL.Crypt
AhnLab-V3 Trojan/Win32.Agent
Microsoft TrojanClicker:MSIL/Ezbro.C
Antiy-AVL Trojan/MSIL.Kryptik
McAfee-GW-Edition RDN/Generic.dx!dh3
Sophos Troj/MSIL-BIN
Kaspersky Trojan.MSIL.Kryptik.bnm
Avast Win32:Kryptik-OUJ [Trj]
Symantec Trojan.Gen.2
K7AntiVirus Trojan ( 004b21881 )
CAT-QuickHeal TrojanClicker.Ezbro.r3
Sophos Mal/Cleaman-B
DrWeb Trojan.DownLoader6.20538

Technical Information

File System Details

Trojan.Kryptik creates the following file(s):

Registry Details

Trojan.Kryptik creates the following registry entry or registry entries:
Directory
%ALLUSERSPROFILE%\windrivgr 19.7
%LOCALAPPDATA%\DsHcaJnIIz
File name without path
scaalqtw.exe
Regexp file mask
%ALLUSERSPROFILE%\sqldump.exe
%APPDATA%\b[NUMBERS].exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS].com.url
%APPDATA%\Origin\update.vbe
%APPDATA%\Stanfind.exe
%APPDATA%\vpn gui.exe
%LOCALAPPDATA%\Microsoft\Windows\Symbols\wvfilters.sys
%TEMP%\nvc.exe
%TEMP%\system.exe
%TEMP%\winsrvcs32.exe

2 Comments

  • Tobias Vollmer:

    MSIL/Kryptik.ELA Trojan(er) found C:USERS\Username\APPDATA\LOCAL\TEMP\IXP000.TMP\Launcher.exe

  • Mura:

    Yes, SpyHunter can remove the .makop ransomware, in addition to the Trojan.Kryptik that may lead to other malware threats.