mysql.exe - Dangerous
%sysdir%\mysql.exe
Manual removal instructions:
Antivirus Report of %sysdir%\mysql.exe:
%sysdir%\mysql.exe
mysql.exe s is rootkit Trojan.Bifrose-KP.
mysql.exe s is used to hide files, processes and registry.
mysql.exe s is a user mode rootkit.
Rootrkit injects itself into iexplore.exe.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\mysql.exe s (legitimate file)
%SysDir%\drivers\oreans32.sys (legitimate file)
%SysDir%\plugin1.dat (legitimate file)
%SysDir%\SysPr.prx (legitimate file)
oreans32.sys is created new system driver:
service name: "oreans32"
display name: "oreans32"
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(9B71D88C-C598-4935-C5D1-43AA4DB90836)\stubpath
%SysDir%\mysql.exe s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mysql
%SysDir%\mysql.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mysql
%SysDir%\mysql.exe
HKCU\Software\Wget\klg
HKCU\Software\Wget\plg1
HKLM\SOFTWARE\Wget\nck
| %sysdir%\mysql.exe | Malware |
| %sysdir%\mysql.exe | Dangerous |
| %sysdir%\mysql.exe | High Risk |
mysql.exe s is used to hide files, processes and registry.
mysql.exe s is a user mode rootkit.
Rootrkit injects itself into iexplore.exe.
Rootkit contacts remote hacker server using HTTP session.
Related files:
%SysDir%\mysql.exe s (legitimate file)
%SysDir%\drivers\oreans32.sys (legitimate file)
%SysDir%\plugin1.dat (legitimate file)
%SysDir%\SysPr.prx (legitimate file)
oreans32.sys is created new system driver:
service name: "oreans32"
display name: "oreans32"
Added to registry:
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(9B71D88C-C598-4935-C5D1-43AA4DB90836)\stubpath
%SysDir%\mysql.exe s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mysql
%SysDir%\mysql.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mysql
%SysDir%\mysql.exe
HKCU\Software\Wget\klg
HKCU\Software\Wget\plg1
HKLM\SOFTWARE\Wget\nck
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.