Trojan.Fynloski

Fynloski is a trojan usually installs without your knowledge vith the download of freeware. In fact some sites use the method of repackaging. This is an operation that is to redo the module software installation by adding download options. These options allow to add other software as for example toolbars browser, or potentially unwanted software. The addition of these new programs can decrease the performance of the system but also slow or redirect internet surfing.
Identified : 08/22/2013.

– It belongs to a family of Trojan.
– A polluteware is a software that pollutes storage and/or the Base of registers.
– Vendor : PUP.Optional

– It installs as a process launched at startup of the system (RP),
– It settled in the Base of registers to be launched each time with the system (O4).
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45).
– It creates a registry StartupReg key (O53),
– It creates multiple files users (O61),

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: Modified
O4 – HKCU\..\Run: [winupdater] . (.Microsoft Corporation – Visual Basic Command Line Compiler.) — C:\Windupdt\winupdate.exe
O4 – HKCU\..\Run: [Winupdater] . (.Microsoft Corporation – Visual Basic Command Line Compiler.) — C:\Users\Coolman\AppData\Roaming\WinUpdater\sife.exe
O4 – HKCU\..\Run: [winupdater] . (.Beepa Pty Ltd.) — C:\Windows\SysWOW64\Windupdt\winupdate.exe
O4 – HKLM\..\Run: [msnmsg] . (.Beepa Pty Ltd.) — C:\Windows\SysWOW64\Windupdt\winupdate.exe
HKCU\Software\DC3_FEXEC
O43 – CFD: 07/10/2012 – 17:28:35 – [1,116] —-D C:\Users\Coolman\AppData\Roaming\WinUpdater
O53 – SMSR:HKLM\…\startupreg\winupdater [Key] . (.Beepa Pty Ltd.) — C:\Windupdt\winupdate.exe
O61 – LFC:Last File Created 07/10/2012 – 17:26:36 —A- C:\Users\baptiste\AppData\Roaming\WinUpdater\ainfaezf [774] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:winupdater[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:MicroUpdate[HKCU\Software\DC3_FEXEC] C:\Users\Coolman\AppData\Roaming\WinUpdater
C:\Users\Coolman\AppData\Roaming\WinUpdate.exe
C:\Program Files\Windupdt
C:\Windows\system32\Windupdt
C:\Program Files\Windupdt\winup.exe
C:\Windupdt\winupdate.exe

TROJ_SCAR.RJ [Trend Micro] Malware.Trace [MBAM] Malware.Generic [MBAM] Backdoor:Win32/Fynloski.A [Microsoft] Trojan.Win32.Spy [Ikarus] Backdoor.Krademok
Backdoor.Win32.Curioso
Backdoor.Fynloski
Trojan.Win32.Cdur

– Remove software in Windows Configuration Panel,

– Remove with ZHPcleaner

– Diagnose with ZHPDiag

<img class="alignnone size-full wp-image-825" src="https://www.nicolascoolman.com/wp-content/uploads/2015/10/0_Zhpdiag.png" alt="0_Zhpdiag" width="304" height="57" />