photo_id.exe is a Troj/Agent-LTK (Trojan) that only effect Windows Operating System by registering itself into registry. The file PHOTO_ID.EXE was first observed on Nov 09 2009 and last seen on Nov 10 2009. It has been submitted for analysis from the following 13 geographical locations. Threat level of the photo_id.exe file is still unknown.
File name: photo_id.exe
File size: 48.1 KB (49250 bytes)
Md5: e6bbcf605abd33c8eb37b449023be822
The file PHOTO_ID.EXE was observed with the following file sizes.
- 27,746 bytes
- 60,003 bytes
- 27,747 bytes
- 47,616 bytes
- 47,360 bytes
- 47,872 bytes
- 119,808 bytes
- 127,232 bytes
Troj/Agent-LTK includes functionality to:
- Run automatically
- Create files in the <WINDOWS>\system32 folder
- Access the internet and communicate with a remote server via HTTP
Troj/Agent-LTK communicates via HTTP with the following locations:
qyf28xd841c . com
Troj/Agent-LTK copies itself to:
<User>\photo_id.exe
<System>\photo_id.exe
The following registry entry is created to run photo_id.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
photo_id
<System>\photo_id.exe
The only best option that I consider to have on every system in the world is the Outpost Firewall Pro edition because when such exe’s attacks the firewall is the only thing that completely stops all malicious activity. However you can remove photo_id.exe easily by running Regedit.exe and removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
photo_id
<System>\photo_id.exe
Secondly, boot in safe mode, disable System Restore, Restart, and then remove
photo_id.exe from C:\WINDOWS\SYSTEM32 folder
Mass.exe from the C:\ Root folder.
Reboot and All is done.
Note: Don’t enable the funky System Restore on your system it helps to stop many viruses and spywares.
Tags: Virus Removal Tips
