Trojan.Perseus Removal Report

Table of Contents

SpyHunter Detects & Remove Trojan.Perseus

File System Details

Trojan.Perseus may create the following file(s):

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	lxgqbvcm.sjo.exe	363a75eeee98feac931e39b89d3bff87	1,418
Name: lxgqbvcm.sjo.exe MD5: 363a75eeee98feac931e39b89d3bff87 Size: 1.52 MB (1522176 bytes) Detections: 1,418 Type: Executable File Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\CRMSvc\lxgqbvcm.sjo.exe Group: Malware file Last Updated: January 2, 2023
2.	crmsvc.exe	5fc86a10fc6e7c6b317efc10ed2b3fe8	913
Name: crmsvc.exe MD5: 5fc86a10fc6e7c6b317efc10ed2b3fe8 Size: 1.52 MB (1529344 bytes) Detections: 913 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\crmsvc Group: Malware file Last Updated: November 6, 2020
3.	manger folder.exe	58bca84038530b20cf6e0d0b56637b54	873
Name: manger folder.exe MD5: 58bca84038530b20cf6e0d0b56637b54 Size: 251.9 KB (251904 bytes) Detections: 873 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\manger folder.exe Group: Malware file Last Updated: April 23, 2025
4.	wwxuw4a5.oew.exe	522632e65cb3f68810f39d09644675d7	580
Name: wwxuw4a5.oew.exe MD5: 522632e65cb3f68810f39d09644675d7 Size: 1.46 MB (1469440 bytes) Detections: 580 Type: Executable File Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\CRMSvc\wwxuw4a5.oew.exe Group: Malware file Last Updated: March 17, 2021
5.	izrciwok.g2t.exe	cac89452037aacb74c58b47733f81a14	566
Name: izrciwok.g2t.exe MD5: cac89452037aacb74c58b47733f81a14 Size: 1.51 MB (1514496 bytes) Detections: 566 Type: Executable File Path: C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\CRMSvc\izrciwok.g2t.exe Group: Malware file Last Updated: December 29, 2023
6.	windows screen manager.exe	84f3660d31acb866ad341f284d7c137e	461
Name: windows screen manager.exe MD5: 84f3660d31acb866ad341f284d7c137e Size: 565.24 KB (565248 bytes) Detections: 461 Type: Executable File Path: D:\Windowsvista copia hd\Disco Local\Users\<username>\AppData\Roaming\w7pVp\windows screen manager.exe Group: Malware file Last Updated: March 29, 2025
7.	uef24npp.tzg.exe	3fb83a058707e020b344b49e170252a0	458
Name: uef24npp.tzg.exe MD5: 3fb83a058707e020b344b49e170252a0 Size: 1.51 MB (1517056 bytes) Detections: 458 Type: Executable File Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\CRMSvc\uef24npp.tzg.exe Group: Malware file Last Updated: October 19, 2021
8.	ulvh0omb.3u4.exe	a8e25dfbb26362002a7c1d617c0ad493	397
Name: ulvh0omb.3u4.exe MD5: a8e25dfbb26362002a7c1d617c0ad493 Size: 1.52 MB (1527808 bytes) Detections: 397 Type: Executable File Path: C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\CRMSvc\ulvh0omb.3u4.exe Group: Malware file Last Updated: February 25, 2021
9.	CRMSvc.VIR	cfe92f9bd2ce592620d03198f49fc340	193
Name: CRMSvc.VIR MD5: cfe92f9bd2ce592620d03198f49fc340 Size: 616.44 KB (616448 bytes) Detections: 193 Path: C:\Users\<username>\AppData\Roaming\CRMSvc\CRMSvc.VIR Group: Malware file Last Updated: December 3, 2021
10.	Theobald.dll	2a1123e37db3d5ff102e725fa4339d5c	116
Name: Theobald.dll MD5: 2a1123e37db3d5ff102e725fa4339d5c Size: 80.38 KB (80384 bytes) Detections: 116 Type: Dynamic link library Path: C:\ProgramData\Theobald.dll Group: Malware file Last Updated: April 10, 2022
11.	f43253jc.y5d.exe	388562f5fa4fb78db6aad6162bbf4cc3	111
Name: f43253jc.y5d.exe MD5: 388562f5fa4fb78db6aad6162bbf4cc3 Size: 1.52 MB (1529344 bytes) Detections: 111 Type: Executable File Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\CRMSvc\f43253jc.y5d.exe Group: Malware file Last Updated: November 19, 2021
12.	IRe.exe	b834d34946fc843e891af0e67733f051	44
Name: IRe.exe MD5: b834d34946fc843e891af0e67733f051 Size: 6.64 MB (6642176 bytes) Detections: 44 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: July 20, 2017
13.	desktop.ini.exe	dbc235d703a79e14228e9330406e8fd2	24
Name: desktop.ini.exe MD5: dbc235d703a79e14228e9330406e8fd2 Size: 207.87 KB (207872 bytes) Detections: 24 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.exe Group: Malware file Last Updated: November 17, 2022
14.	RegEdit.exe	30e2495e46113160763cea03b6802c60	5
Name: RegEdit.exe MD5: 30e2495e46113160763cea03b6802c60 Size: 23.55 KB (23552 bytes) Detections: 5 Type: Executable File Path: %APPDATA%\WinRAR Group: Malware file Last Updated: September 27, 2016
15.	helpar.exe	180d47d031d38b6e39fa507030bbfbc4	3
Name: helpar.exe MD5: 180d47d031d38b6e39fa507030bbfbc4 Size: 1.39 MB (1395712 bytes) Detections: 3 Type: Executable File Path: %APPDATA%\Windows Group: Malware file Last Updated: November 18, 2016
16.	moll.exe	0609d86d20274aec5f0aeb7cb44399d3	1
Name: moll.exe MD5: 0609d86d20274aec5f0aeb7cb44399d3 Size: 235 KB (235008 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\Microsoft\Video Group: Malware file Last Updated: March 11, 2016
17.	file.exe	1d5731cbee22dbad79ae45ea378ffef9	0
Name: file.exe MD5: 1d5731cbee22dbad79ae45ea378ffef9 Size: 2.36 MB (2362368 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Trojan.Perseus may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\Theobald.dll

%APPDATA%\Google Chrome.exe

%APPDATA%\proxifier\proxy.exe

%LOCALAPPDATA%\Invisible[RANDOM CHARACTERS].exe

%LOCALAPPDATA%\manger folder.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\CRMSvc

SYSTEM\ControlSet001\services\CRMSvc

SYSTEM\ControlSet001\services\eventlog\Application\CRMSvc

SYSTEM\ControlSet002\services\CRMSvc

SYSTEM\ControlSet002\services\eventlog\Application\CRMSvc

SYSTEM\CurrentControlSet\services\CRMSvc

SYSTEM\CurrentControlSet\services\eventlog\Application\CRMSvc

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{D105DFE2-8DF6-4BA0-ABF1-392716658963}

Directories

Trojan.Perseus may create the following directory or directories:

%ALLUSERSPROFILE%\catalog update

%APPDATA%\CRMSvc

%APPDATA%\Microsoft\Windows\DsvHelper

%WINDIR%\SysWow64\config\systemprofile\AppData\Roaming\CRMSvc

%WINDIR%\System32\config\systemprofile\AppData\Roaming\CRMSvc

Ranking:	6,890
Threat Level:	80 % (High)
Infected Computers:	184,759

First Seen:	January 25, 2016
Last Seen:	April 18, 2025
OS(es) Affected:	Windows

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Perseus

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Perseus

File System Details

Registry Details

Directories

Submit Comment

Trending

BPFDoor Controller

Isabella-traffic.com

Unclaimed Prize Email Scam

Most Viewed

Discord Is Stuck on Gray Screen

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen