slingshot malware

What is slingshot malware?

If your system has been penetrated by slingshot malware, your privacy and your files could be in great danger. This is a Trojan infection that can perform all kinds of malicious operations on your computer without your knowledge. According to our malware experts at anti-spyware-101.com, this attack mainly concerns users who have one of the Mikrotik routers made in Latvia, as the authors of this Trojan can use certain exploits to compromise these routers and gain system administrator privileges on a system. This malware infection comes with a payload of five different modules, which can capture screenshots, log your keystrokes, and thus steal sensitive information from you, among other things. If it is not yet clear why we recommend that you remove slingshot malware immediately, please continue reading our article to find out more.

Where does slingshot malware come from?

As we have mentioned above, this dangerous Trojan can be implanted on your system by cyber criminals once they get system administrator privileges on certain Latvian-made Mikrotik routers. Of course, this is not the only way for you to be infected with such a severe threat. You can also initiate such a vicious attack by opening a spam mail and viewing its attachment. Cyber crooks often use this method to deceive unsuspecting users and play on their curiosity. Do not ever open a third-party mail that seems to regard some important or urgent issue like an unsettled invoice, unpaid fine, or problem with an online booking. If in doubt, you should contact the sender and ask for more information about this alleged matter before even opening this mail or its attachment. Imagine that you click to see the attached file and it is indeed a ransomware executable that starts up its encryption process right away; you will not even be able to delete it without possibly losing all your important files.

You can also let such threats in if you do not surf safely and use an outdated browser or drivers (Java and Flash) to browse the web. Cyber villains can set up malicious websites using Exploit Kits to drop ransomware programs as well as Trojans, and you would not even see them coming. We advise you to keep all your programs up-to-date and to avoid suspicious websites if you do not want to end up having to remove slingshot malware or other dangerous threats.

How does slingshot malware work?

Once this Trojan is activated on your system, it drops its payload. The payload consists of five different modules, each capable of dangerous operations on your system:

  • GollumApp: collects network information, steals browser passwords, implements keylogger functionality
  • SsCB: captures screenshots, steals information from clipboard and window size, title, and position
  • ffproxy: collects Firefox proxy settings and configuration details
  • NeedleWatch: injects in different files
  • Sfc2: disables Windows file protection

Hopefully, it is needless to say how much damage such a set of modules can cause on your system if they start operating in the background without your noticing, which is, by the way, the main goal of a Trojan program: to lie low and stay undetected as long as possible. Apart from these malicious operations, this Trojan may also download other malware threats in the background, which makes it even more dangerous. If you do not want to lose your account passwords, login details to your online banking, and other sensitive information, in addition to all the other threats this Trojan can pose to your privacy, we advise you to remove slingshot malware immediately.

How do I delete slingshot malware?

You can eliminate this Trojan relatively easily by deleting and replacing the .dll files it uses to initiate its malicious operations. Please follow our guide below if you want to take down this dangerous threat. However, keep in mind that this Trojan has a serious payload and may also download other infections in the background. In other words, your system will not necessarily be fully clean just by replacing these .dll files. If you are not an advanced user and cannot identify the rest of the threats yourself, you may want to use a trustworthy malware removal tool like SpyHunter to do this automatically for you. Such a powerful security program, when kept activated and updated regularly, can protect your computer from all known malicious threats as well as potentially harmful programs.

Remove slingshot malware from Windows

  1. Press Win+E to open File Explorer.
  2. Open "C:\Windows\System32\", delete "scesrv.dll", and then replace this file with the original system file.
  3. Open "C:\Windows\SysWow64\", delete "scesrv.dll", and then replace this file with the original system file. (In case of a 64-bit system!)
  4. Empty your Recycle Bin.
  5. Restart your computer.
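
Before and after replacing the files in steps 2 and 3, you can check whether each copy of "scesrv.dll" is the Microsoft-signed original. The PowerShell script below is an added example, not part of the original guide; it assumes an elevated 64-bit PowerShell 5.1 or later prompt and uses only built-in cmdlets and the System File Checker.

```powershell
# Added example (not from the original guide). Run from an elevated 64-bit
# PowerShell 5.1+ prompt; the two paths are the ones named in steps 2 and 3.
$targets = @(
    (Join-Path $env:windir 'System32\scesrv.dll'),
    (Join-Path $env:windir 'SysWOW64\scesrv.dll')   # exists on 64-bit Windows only
)

# Collect signature status, signer, hash and timestamp for each copy.
$report = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null
                           SHA256 = $null; ModifiedUtc = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path        = $path
        Status      = [string]$sig.Status   # 'Valid' for an intact signed file
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        ModifiedUtc = (Get-Item -LiteralPath $path).LastWriteTimeUtc
    }
}
$report | Format-List

# A copy that is present but not validly signed by Microsoft needs replacing.
$suspect = $report | Where-Object {
    $_.Status -ne 'Missing' -and
    ($_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation')
}
foreach ($s in $suspect) {
    Write-Warning "$($s.Path): status=$($s.Status) signer=$($s.Signer)"
    # System File Checker in verify-only mode: reports, makes no changes.
    & sfc.exe "/verifyfile=$($s.Path)"
}
if (-not $suspect) {
    Write-Output 'No present copy of scesrv.dll failed the signature check.'
}
```

Because the Sfc2 module listed above disables Windows file protection, also compare the SHA256 values with the same file taken from a clean installation of the same Windows build instead of relying on the live system alone.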

Remove these slingshot malware Registry Entries:
