szchost.exe - Dangerous

Antivirus Report of szchost.exe:
szchost.exe: Malware, Dangerous, High Risk
Trojan.Mercurycas.A is a Trojan horse that allows an infected computer to be used as an email relay.

When it is executed, it performs the following actions:
Drops the following files:
%System%\Szchost.exe
%System%\Szchostc.exe (A legitimate proxy utility named 3[APA3A]tiny proxy)

Adds the value: "Olive System"="%System%\Szchost.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adds the value: "winid"=[date and time of infection]
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Mrdodf

Adds the value: "Datu"=[IP address]
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Mctest

Executes %System%\Szchostc.exe, which runs a proxy on a port number calculated from the current system time.
Connects to the IP address 205.188.156.249 on TCP port 25 to receive instructions from the attacker.
Attempts to download the file, %System%\system.ing, from a remote host that is hard-coded in the Trojan.
Gathers various pieces of system information based on the content of %System%\system.ing.
This may include IP address, Computer Name, folder listings, and so on.
Submits information gathered to a PHP page at www.mercuryloungecasino.com, along with the port number on which the proxy runs.

Manual removal:
Please remove all keys that are described above.
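
One way to check an exported registry file (for example, the output of `reg export`) for the values listed above. This is an added example, not part of the original write-up or of any vendor tool; the function name `scan_reg_export` and the sample export are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# (key, value name) pairs from the write-up; lower-cased because registry
# key and value names are case-insensitive.
NAMED = {
    (RUN_KEY.lower(), "olive system"),
    (r"hkey_local_machine\software\microsoft\mrdodf", "winid"),
    (r"hkey_local_machine\software\microsoft\mctest", "datu"),
}
# Backslashes are doubled inside .reg string data.
DROPPED = r"\\szchost.exe"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def scan_reg_export(text):
    """Return (key, value name, raw data) for each indicator in .reg text."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(2)
        named = (key.lower(), name.lower()) in NAMED
        # Also catch a renamed autorun entry that still launches the dropped file.
        autorun = key.lower() == RUN_KEY.lower() and DROPPED in data.lower()
        if named or autorun:
            hits.append((key, name, data))
    return hits


# Constructed sample; real exports are UTF-16: open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Olive System"="C:\\WINDOWS\\system32\\Szchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Mctest]
"Datu"="192.0.2.10"
'''

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE):
        print(f"{key}: {name} = {data}")
```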

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
