slingshot malware

What is slingshot malware?

If your system has been penetrated by slingshot malware, your privacy and your files could be in great danger. This is a Trojan infection that can perform all kinds of malicious operations on your computer without your knowledge. According to our malware experts, this attack mainly affects users who have one of the MikroTik routers made in Latvia, as the authors of this Trojan can use certain exploits to compromise these routers and gain system administrator privileges on a system. This malware infection comes with a payload of five different modules, which can capture screenshots, log your keystrokes, and thus steal sensitive information from you, among other things. If it is not yet clear why we recommend that you remove slingshot malware immediately, please continue reading our article to find out more.

Where does slingshot malware come from?

As we have mentioned above, cyber criminals can implant this dangerous Trojan on your system once they gain system administrator privileges on certain Latvian-made MikroTik routers. Of course, this is not the only way for you to be infected with such a severe threat. You can also initiate such a vicious attack by opening a spam mail and viewing its attachment. Cyber crooks often use this method to deceive unsuspecting users and play on their curiosity. Do not ever open third-party mail that appears to concern some important or urgent issue, such as an unsettled invoice, an unpaid fine, or a problem with an online booking. If in doubt, you should contact the sender and ask for more information about the alleged matter before even opening the mail or its attachment. Imagine that you click to view the attached file and it is in fact a ransomware executable that starts its encryption process right away; you will not even be able to delete it without possibly losing all your important files.

But you can also let such dangers on board if you are not a safe surfer and use an outdated browser or outdated plugins (Java and Flash) to browse the web. Cyber villains can set up malicious websites that use exploit kits to drop ransomware programs as well as Trojans, and you would not even see them coming. We advise you to keep all your programs up to date and to avoid suspicious websites if you do not want to end up having to remove slingshot malware or other dangerous threats.

How does slingshot malware work?

Once this Trojan is activated on your system, it drops its payload. The payload consists of five different modules, each capable of dangerous operations on your system:

  • GollumApp: collects network information, steals browser passwords, implements keylogger functionality
  • SsCB: captures screenshots, steals clipboard contents, and records window size, title, and position
  • ffproxy: collects Firefox proxy settings and configuration details
  • NeedleWatch: injects into different files
  • Sfc2: disables Windows file protection

Hopefully, it is needless to say how much damage these modules can cause on your system if they start operating in the background without your noticing, which is, by the way, the main goal of a Trojan program: to lie low and stay undetected as long as possible. Apart from these malicious operations, this Trojan may also download other malware threats in the background, which makes it even more dangerous. If you do not want to lose your account passwords, your online banking login details, and other sensitive information, in addition to all the other threats this Trojan poses to your privacy, we advise you to remove slingshot malware immediately.

How do I delete slingshot malware?

You can eliminate this Trojan relatively easily by deleting and replacing the .dll files it uses to initiate its malicious operations. Please follow our guide below if you want to take down this dangerous threat. However, keep in mind that this Trojan has a serious payload and may also download other infections in the background. In other words, your system will not necessarily be fully clean just by replacing these .dll files. If you are not an advanced user and cannot identify the rest of the threats yourself, you may want to use a trustworthy malware removal tool like SpyHunter to do this automatically for you. Such a powerful security program, when kept activated and updated regularly, can protect your computer from all known malicious threats as well as potentially harmful programs.

Remove slingshot malware from Windows

  1. Press Win+E to open File Explorer.
  2. Open "C:\Windows\System32\", delete "scesrv.dll", and then replace this file with the original system file.
  3. Open "C:\Windows\SysWow64\", delete "scesrv.dll", and then replace this file with the original system file. (In case of a 64-bit system!)
  4. Empty your Recycle Bin.
  5. Restart your computer.
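
Before deleting anything in steps 2 and 3, it helps to confirm whether the two scesrv.dll copies are still the original system files. The script below is an added example, not part of the original guide: it is read-only, assumes Windows 10 or later with 64-bit PowerShell 5.1+ (where Get-AuthenticodeSignature also checks catalog signatures), and treats "valid signature with a Microsoft Corporation signer" as a heuristic for an untampered file.

```powershell
# Added example: read-only integrity check of the scesrv.dll copies from steps 2 and 3.
# Assumption: run from an elevated 64-bit PowerShell 5.1+ prompt on Windows 10 or later.
$targets = @(
    "$env:SystemRoot\System32\scesrv.dll",
    "$env:SystemRoot\SysWOW64\scesrv.dll"   # exists on 64-bit systems only
)

$report = foreach ($path in $targets) {
    if (Test-Path -LiteralPath $path) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Path       = $path
            Status     = [string]$sig.Status
            Signer     = $signer
            SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Heuristic: flag anything not validly signed by Microsoft.
            Suspicious = ($sig.Status -ne 'Valid') -or
                         ($signer -notmatch 'O=Microsoft Corporation')
        }
    } else {
        [pscustomobject]@{
            Path = $path; Status = 'NotPresent'; Signer = ''
            SHA256 = ''; Suspicious = $false
        }
    }
}

$report | Format-List

foreach ($item in $report | Where-Object Suspicious) {
    # Keep the hash for your incident notes before the file is replaced.
    Write-Warning "Unexpected signature on $($item.Path) (SHA256 $($item.SHA256))"
    # System File Checker can restore a single protected file from the component store:
    Write-Host "  Repair with: sfc /scanfile=$($item.Path)"
}
```

Because the payload described above includes a module that disables Windows file protection, a failed or refused `sfc` repair is itself a warning sign; in that case restore the file from known-good installation media instead.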

Remove these slingshot malware Registry Entries:
