Win32/Lethic.AA

By SpideyMan in Trojans

Translate To:

Win32/Lethic.AA is a deceptive Trojan horse. Win32/Lethic.AA can load into memory when Windows is booted making it very difficult to manually remove. Win32/Lethic.AA can lead to the installation of other malware without the computer user's knowledge or consent. Performance of a computer and its network can be greatly reduced from the installation of the Win32/Lethic.AA Trojan. Win32/Lethic.AA can be very difficult to manually remove due to its ability to load into memory once Windows is booted.

File System Details

Win32/Lethic.AA may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%RECYCLER%\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
Name: %RECYCLER%\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe Type: Executable File

Registry Details

Win32/Lethic.AA may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "psysnew" = "%RECYCLER%\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "shell" = "%RECYCLER%\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" = "%RECYCLER%\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Win32/Lethic.AA

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen