Trojan.Kryptik

Trojan.Kryptik Description

Trojan.Kryptik is a Trojan horse. It can load at startup and recreate itself, which makes it difficult to remove manually from an infected computer. Trojan.Kryptik can compromise the infected system by allowing a remote attacker to gain access without the user's permission or knowledge. It can also lead to infection by other, unknown malware.

Aliases: Win32/Trojan.a57, MSIL6.EHL [AVG], MSIL/Kryptik.AQZ!tr [Fortinet], Trojan.MSIL.Crypt [Ikarus], a variant of MSIL/Kryptik.AQZ, Trojan.MSIL.Kryptik, Trojan/Win32.Agent [AhnLab-V3], Trojan.Agent/Gen-Clicker, TrojanClicker:MSIL/Ezbro.C [Microsoft], Trojan/MSIL.Kryptik [Antiy-AVL], TR/Click.274944, W32/Trojan.WGWX-3667, Gen:Variant.Zusy.118400 (B), RDN/Generic.dx!dh3 [McAfee-GW-Edition] and Trojan.Kryptik.Win32.629945.

Technical Information

File System Details

Trojan.Kryptik creates the following file(s):

Registry Details

Trojan.Kryptik creates the following registry entry or registry entries:


One Comment

  • Tobias Vollmer:

    MSIL/Kryptik.ELA Trojan(er) found C:USERS\Username\APPDATA\LOCAL\TEMP\IXP000.TMP\Launcher.exe
