Category Archives: Worm

Worm/W32.AutoRun.524892

Worm/W32.AutoRun.524892 also known as Trojan.Agent/Gen-Frauder[WinWord], Worm.Yuner!OOwCwIXRc+0, Worm/Win32.Hybris.R3751. Malware Analysis of Worm/W32.AutoRun.524892 – KUQAQTQY.EXE Created files: %WINDIR%\MYDOC.RTF %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\E0F98D70-7096-4DE5-97D5-42A5628D512F %SYSDIR%\KUQAQTQY.EXE %SYSDIR%\NBFVVLQSAWEMZ.EXE %SYSDIR%\SHGOVLNAWT.EXE Detected by UnHackMe: KUQAQTQY.EXE Default location: %SYSDIR%\KUQAQTQY.EXE Dropper hash(md5): 0007106c237e8689cc68b5111db1a174 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

WORM_DUMARU.GEN

WORM_DUMARU.GEN also known as W32/Dumaru-A, W32.Dumaru, Backdoor.Win32.Dumador. Malware Analysis of WORM_DUMARU.GEN – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

I-Worm.Dumaru.A0

I-Worm.Dumaru.A0 also known as I-Worm.Dumaru.Gen, W32/Dumaru.gen.worm, Win32/Dumaru.A0. Malware Analysis of I-Worm.Dumaru.A0 – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

Worm.Dumaru.Win32.16

Worm.Dumaru.Win32.16 also known as Worm:Win32/Dumaru.A, W32/Dumaru.A!tr, Backdoor.Dumador. Malware Analysis of Worm.Dumaru.Win32.16 – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

Email-Worm.Win32.Dumaru.a

Email-Worm.Win32.Dumaru.a also known as Worm[Email]/Win32.Dumaru, W32/Dumaru.gen.worm, Worm.Dumaru.Win32.16. Malware Analysis of Email-Worm.Win32.Dumaru.a – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

W32/Esfury.A.worm

W32/Esfury.A.worm also known as Backdoor.Nibu, W32/Risk.FDXH-3788, TR/ATRAPS.Gen. Malware Analysis of W32/Esfury.A.worm – BQJEJC.DLL Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\8407652C-E45A-4A42-AF80-5D6595EA9EA4 %SYSTEMDRIVE%\RECYCLER\ITSS.EXE %Program Files Common%\bqjejc.dll %Program Files Common%\TabIt.exe %COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ITSS.LNK Detected by UnHackMe: BQJEJC.DLL Default location: %PROGRAM FILES COMMON%\BQJEJC.DLL Dropper hash(md5): 0105334ddb81846da2a15ec96a25b4d5 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Continue reading

Worm.Win32.Dumaru.A0

Worm.Win32.Dumaru.A0 also known as Generic.Win32.001e6ceb00!MD, Win32.Dumaru.A@mm. Malware Analysis of Worm.Win32.Dumaru.A0 – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00 00…

Continue reading

PE:Worm.Mail.Win32.Dumaru.a!1173748754

PE:Worm.Mail.Win32.Dumaru.a!1173748754 also known as Email-Worm.Win32.Dumaru.a, Win32.Dumaru.A@mm, W32/Dumaru.QCWS-6970. Malware Analysis of PE:Worm.Mail.Win32.Dumaru.a!1173748754 – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

Worm:Win32/Dumaru.A

Worm:Win32/Dumaru.A also known as Backdoor.Win32.Dumador, W32/Dumaru.gen.worm. Malware Analysis of Worm:Win32/Dumaru.A – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00 00…

Continue reading

Win32/Dumaru.worm.20498

Win32/Dumaru.worm.20498 also known as Trojan.Win32.Qudamah.Gen.6, Win32.Dumaru.A@mm, Worm[Email]/Win32.Dumaru. Malware Analysis of Win32/Dumaru.worm.20498 – VXDMGR32.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0DB42630-499B-44B6-B4D4-F0D88225028D %SYSDIR%\LOAD32.EXE %SYSDIR%\VXDMGR32.EXE %WINDIR%\DLLREG.EXE %WINDIR%\WINDRV.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 6C 6F 61 64 33 32 2E 65 78 65 00…

Continue reading

Worm.Sohanad.Win32.10176

Malware Analysis of Worm.Sohanad.Win32.10176 – SSMAKER.EXE Created files: %Program Files%\SSmaker\IssProc.dll %Program Files%\SSmaker\IssProcLanguage.ini %Program Files%\SSmaker\SSmaker.exe %Program Files%\SSmaker\SSmaker.XmlSerializers.dll %Program Files%\SSmaker\unins000.dat Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98215FF1-2A94-4F4D-9260-E5FD06B4ACC4}_is1\DisplayName: “SSmaker, nai?ea 5763” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98215FF1-2A94-4F4D-9260-E5FD06B4ACC4}_is1\UninstallString: “”%Program Files%\SSmaker\unins000.exe”” HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SSMaker: “%Program Files%\SSmaker\SSmaker.exe” Detected by UnHackMe: SSMAKER.EXE Default location: %PROGRAM FILES%\SSMAKER\SSMAKER.EXE Dropper hash(md5): 173d0845eff8ba6a0831de9ca32400f3 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…

Continue reading

Worm.Win32.Autorun.txu

Worm.Win32.Autorun.txu also known as W32/Yahlover.worm.gen.d, Trojan.Autoit.Gen.IN, W32/Sohana-CU. Malware Analysis of Worm.Win32.Autorun.txu – BGKHXWYJCXILB.EXE Created files: %WINDIR%\MYDOC.RTF %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\6C4AA8B8-5CD5-425D-8F0B-0DC1030DE640 %SYSDIR%\BGKHXWYJCXILB.EXE %SYSDIR%\DKJANUXD.EXE %SYSDIR%\IRDRVCUGGZTJING.EXE Detected by UnHackMe: BGKHXWYJCXILB.EXE Default location: %SYSDIR%\BGKHXWYJCXILB.EXE Dropper hash(md5): 00ebfbac5bf79a0ea769bbae84c6a99f Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Worm:Win32/Bruhorn.B

Worm:Win32/Bruhorn.B also known as WORM/Brontok.W.1, Win32.Worm.VB.k, Worm/Brontok.kd. Malware Analysis of Worm:Win32/Bruhorn.B – DATA TEST.EXE Created files: %SYSTEMDRIVE%\4K51K4\NEW FOLDER.EXE %SYSTEMDRIVE%\4K51K4.EXE %SYSTEMDRIVE%\DATA TEST.EXE %SYSTEMDRIVE%\DESKTOP.INI %SYSTEMDRIVE%\PUISI.TXT Detected by UnHackMe: DATA TEST.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\DATA TEST.EXE Dropper hash(md5): 05da866cdc40e2426903e2c3ba8bbcb6 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

Worm/Win32.VB.R42952

Worm/Win32.VB.R42952 also known as Trojan.VB.gen, W32/Brontok.W!worm, I-Worm/Brontok.Q. Malware Analysis of Worm/Win32.VB.R42952 – DATA TEST.EXE Created files: %SYSTEMDRIVE%\4K51K4\NEW FOLDER.EXE %SYSTEMDRIVE%\4K51K4.EXE %SYSTEMDRIVE%\DATA TEST.EXE %SYSTEMDRIVE%\DESKTOP.INI %SYSTEMDRIVE%\PUISI.TXT Detected by UnHackMe: DATA TEST.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\DATA TEST.EXE Dropper hash(md5): 05da866cdc40e2426903e2c3ba8bbcb6 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

WORM/Brontok.W.1

WORM/Brontok.W.1 also known as Worm[Email]/Win32.Brontok, Win32.Worm.VB.k. Malware Analysis of WORM/Brontok.W.1 – DATA TEST.EXE Created files: %SYSTEMDRIVE%\4K51K4\NEW FOLDER.EXE %SYSTEMDRIVE%\4K51K4.EXE %SYSTEMDRIVE%\DATA TEST.EXE %SYSTEMDRIVE%\DESKTOP.INI %SYSTEMDRIVE%\PUISI.TXT Detected by UnHackMe: DATA TEST.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\DATA TEST.EXE Dropper hash(md5): 05da866cdc40e2426903e2c3ba8bbcb6 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Continue reading

Win32.Worm.VB.k

Win32.Worm.VB.k also known as Trojan ( 0040f6141 ), Trojan.Heur.E7BCF7, Email-Worm.Win32.Brontok.w. Malware Analysis of Win32.Worm.VB.k – DATA TEST.EXE Created files: %SYSTEMDRIVE%\4K51K4\NEW FOLDER.EXE %SYSTEMDRIVE%\4K51K4.EXE %SYSTEMDRIVE%\DATA TEST.EXE %SYSTEMDRIVE%\DESKTOP.INI %SYSTEMDRIVE%\PUISI.TXT Detected by UnHackMe: DATA TEST.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\DATA TEST.EXE Dropper hash(md5): 05da866cdc40e2426903e2c3ba8bbcb6 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Continue reading

Worm/Win32.Hybris.R3751

Worm/Win32.Hybris.R3751 also known as W32/Autorun.JFC.worm, I-Worm.Yuner.B, Worm.Hybris.PLI. Malware Analysis of Worm/Win32.Hybris.R3751 – FJXCIVVZDUKSB.EXE Created files: %SYSDIR%\FJXCIVVZDUKSB.EXE %SYSDIR%\HKSZOWZS.EXE %SYSDIR%\NQMAKYXIBN.EXE %SYSDIR%\UODYRYUAKOBCXOC.EXE %WINDIR%\MYDOC.RTF Detected by UnHackMe: FJXCIVVZDUKSB.EXE Default location: %SYSDIR%\FJXCIVVZDUKSB.EXE Dropper hash(md5): 055735e29b5b10f70534747b4728f0e0 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Worm.AutoRun.Win32.91466

Worm.AutoRun.Win32.91466 also known as Backdoor.Hupigon.AXRD, a variant of Win32/Hupigon, Mal_Otorun5. Malware Analysis of Worm.AutoRun.Win32.91466 – REJOICE101.EXE Created files: %Program Files Common%\microsoft shared\MSInfo\rejoice101.exe %SYSDIR%\_REJOICE101.EXE %SYSTEMDRIVE%\AUTORUN.INF %SYSTEMDRIVE%\REJOICE101.EXE Autostart registry keys: HKLM\System\CurrentControlSet\services\Windows service\ImagePath: “%Program Files Common%\Microsoft Shared\MSINFO\rejoice101.exe” HKLM\System\CurrentControlSet\services\Windows service\DisplayName: “Windows service” Detected by UnHackMe: REJOICE101.EXE Default location: %PROGRAM FILES COMMON%\MICROSOFT SHARED\MSINFO\REJOICE101.EXE Dropper hash(md5): ff538cc6046ad482c5c0000f595b47aa Share This: UnHackMe removes…

Continue reading

W32/AutoRun.IYE!worm

W32/AutoRun.IYE!worm also known as W32/Downloader.C.gen!Eldorado, Backdoor.Hupigon.AXRD, Mal_Otorun5. Malware Analysis of W32/AutoRun.IYE!worm – REJOICE101.EXE Created files: %Program Files Common%\microsoft shared\MSInfo\rejoice101.exe %SYSDIR%\_REJOICE101.EXE %SYSTEMDRIVE%\AUTORUN.INF %SYSTEMDRIVE%\REJOICE101.EXE Autostart registry keys: HKLM\System\CurrentControlSet\services\Windows service\ImagePath: “%Program Files Common%\Microsoft Shared\MSINFO\rejoice101.exe” HKLM\System\CurrentControlSet\services\Windows service\DisplayName: “Windows service” Detected by UnHackMe: REJOICE101.EXE Default location: %PROGRAM FILES COMMON%\MICROSOFT SHARED\MSINFO\REJOICE101.EXE Dropper hash(md5): ff538cc6046ad482c5c0000f595b47aa Share This: UnHackMe removes malware invisible for…

Continue reading

Worm.Mydoom.Win32.1363

Worm.Mydoom.Win32.1363 also known as Trojan.Generic.15554048, PUA.OutBrowse, Trojan.Win32.OutBrowse.dzmhhq. Malware Analysis of Worm.Mydoom.Win32.1363 – BEFBIGJDGB.EXE Created files: %TEMP%\BEFBIGJDGB.EXE Detected by UnHackMe: BEFBIGJDGB.EXE DEFAULT LOCATION: %TEMP%\BEFBIGJDGB.EXE Dropper hash(md5): 026fa80567435a2adac871a51141e74e Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading

Worm/AutoRun

Worm/AutoRun also known as Worm.Hybris.PLI, W32/Agent.ALS!tr. Malware Analysis of Worm/AutoRun – EWMHGPJYQB.EXE Created files: %SYSDIR%\EWMHGPJYQB.EXE %SYSDIR%\JEHVFRMV.EXE %SYSDIR%\PWUGLBVWBVTOY.EXE %SYSDIR%\QQNGYETDYAOCQUE.EXE %WINDIR%\MYDOC.RTF Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cfmuqmfv: “ewmhgpjyqb.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\hongytct: “qqngyetdyaocque.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “pwuglbvwbvtoy.exe” Detected by UnHackMe: EWMHGPJYQB.EXE Default location: %SYSDIR%\EWMHGPJYQB.EXE Dropper hash(md5): c7be41779e998ba88ba3422ebe32d910 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Continue reading

Worm/W32.AutoIt.261600

Worm/W32.AutoIt.261600 also known as Trojan.Win32.Cosmu, W32/Sohanat.GW.worm, Worm/AutoRun. Malware Analysis of Worm/W32.AutoIt.261600 – EWMHGPJYQB.EXE Created files: %SYSDIR%\EWMHGPJYQB.EXE %SYSDIR%\JEHVFRMV.EXE %SYSDIR%\PWUGLBVWBVTOY.EXE %SYSDIR%\QQNGYETDYAOCQUE.EXE %WINDIR%\MYDOC.RTF Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cfmuqmfv: “ewmhgpjyqb.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\hongytct: “qqngyetdyaocque.exe” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: “pwuglbvwbvtoy.exe” Detected by UnHackMe: EWMHGPJYQB.EXE Default location: %SYSDIR%\EWMHGPJYQB.EXE Dropper hash(md5): c7be41779e998ba88ba3422ebe32d910 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

Continue reading

Worm/Win32.VBNA.R25526

Worm/Win32.VBNA.R25526 also known as Worm:Win32/Vobfus.AC, Worm.Win32.Autorun.159744.E[h], Gen:Variant.Barys.266. Malware Analysis of Worm/Win32.VBNA.R25526 – CDZUOT.EXE Created files: %PROFILE%\ZUJES.EXE %PROFILE%\CAOOHI.EXE %PROFILE%\CDZUOT.EXE %PROFILE%\CIWUT.EXE %PROFILE%\CIXEF.EXE Detected by UnHackMe: CDZUOT.EXE DEFAULT LOCATION: %PROFILE%\CDZUOT.EXE Dropper hash(md5): c7bdcc9af78b1c5e6e81c497ce3711a0 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

W32/Gbot.worm

W32/Gbot.worm also known as Worm.Gobot!dKZtnn3mYiA, BackDoor.Gobot.F, Backdoor:Win32/Gobot.I. Malware Analysis of W32/Gbot.worm – EKWDRZCUUG4.EXE Created files: %WINDIR%\EKWDRZCUUG4.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\P-WIN: “%WINDIR%\EKWDRZCUUG4.EXE” Detected by UnHackMe: EKWDRZCUUG4.EXE Default location: %WinDir%\EKWDRZCUUG4.EXE Dropper hash(md5): d682f969ee9d4854ec46351f155f9f20 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

W32/Stormworm.B

W32/Stormworm.B also known as Win32:Zhelatin-ASX [Wrm], W32/Troj_Generic.GRSD, Email-Worm.Win32.Zhelatin. Malware Analysis of W32/Stormworm.B – CLEAN3B28-1A3F.SYS Created files: %SYSDIR%\CLEAN.CONFIG %SYSDIR%\CLEAN3B28-1A3F.SYS Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLEAN3B28-1A3F\IMAGEPATH: “\??\%SYSDIR%\CLEAN3B28-1A3F.SYS” HKLM\System\CurrentControlSet\services\clean3b28-1a3f\DisplayName: “clean3b28-1a3f” Detected by UnHackMe: CLEAN3B28-1A3F.SYS Default location: %SYSDIR%\CLEAN3B28-1A3F.SYS Dropper hash(md5): d692af903a4904439b5fa90f58349e00 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

WORM_ZHELATIN.DI

WORM_ZHELATIN.DI also known as Downloader-BAI.sys.gen.a, Trojan.Agent.AGHI, Backdoor.Agent.dln.n5. Malware Analysis of WORM_ZHELATIN.DI – CLEAN3B28-1A3F.SYS Created files: %SYSDIR%\CLEAN.CONFIG %SYSDIR%\CLEAN3B28-1A3F.SYS Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLEAN3B28-1A3F\IMAGEPATH: “\??\%SYSDIR%\CLEAN3B28-1A3F.SYS” HKLM\System\CurrentControlSet\services\clean3b28-1a3f\DisplayName: “clean3b28-1a3f” Detected by UnHackMe: CLEAN3B28-1A3F.SYS Default location: %SYSDIR%\CLEAN3B28-1A3F.SYS Dropper hash(md5): d692af903a4904439b5fa90f58349e00 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Continue reading

Worm.Gobot!dKZtnn3mYiA

Worm.Gobot!dKZtnn3mYiA also known as W32.W.Fearso.lDrx, Exploit.Ghostbot, Win.Trojan.Gobot-20. Malware Analysis of Worm.Gobot!dKZtnn3mYiA – EKWDRZCUUG4.EXE Created files: %WINDIR%\EKWDRZCUUG4.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\P-WIN: “%WINDIR%\EKWDRZCUUG4.EXE” Detected by UnHackMe: EKWDRZCUUG4.EXE Default location: %WinDir%\EKWDRZCUUG4.EXE Dropper hash(md5): d682f969ee9d4854ec46351f155f9f20 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

Email-Worm.Win32.Zhelatin

Email-Worm.Win32.Zhelatin also known as Rootkit/Agent.HQA, Win32:Zhelatin-ASX [Wrm], Worm/Win32.Zhelatin. Malware Analysis of Email-Worm.Win32.Zhelatin – CLEAN3B28-1A3F.SYS Created files: %SYSDIR%\CLEAN.CONFIG %SYSDIR%\CLEAN3B28-1A3F.SYS Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLEAN3B28-1A3F\IMAGEPATH: “\??\%SYSDIR%\CLEAN3B28-1A3F.SYS” HKLM\System\CurrentControlSet\services\clean3b28-1a3f\DisplayName: “clean3b28-1a3f” Detected by UnHackMe: CLEAN3B28-1A3F.SYS Default location: %SYSDIR%\CLEAN3B28-1A3F.SYS Dropper hash(md5): d692af903a4904439b5fa90f58349e00 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

Email-Worm.Win32.Zhelatin.pl

Email-Worm.Win32.Zhelatin.pl also known as Trojan.Agent.AGHI, WORM_ZHELATIN.DI, I-Worm.Win32.Zhelatin.129664. Malware Analysis of Email-Worm.Win32.Zhelatin.pl – CLEAN3B28-1A3F.SYS Created files: %SYSDIR%\CLEAN.CONFIG %SYSDIR%\CLEAN3B28-1A3F.SYS Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLEAN3B28-1A3F\IMAGEPATH: “\??\%SYSDIR%\CLEAN3B28-1A3F.SYS” HKLM\System\CurrentControlSet\services\clean3b28-1a3f\DisplayName: “clean3b28-1a3f” Detected by UnHackMe: CLEAN3B28-1A3F.SYS Default location: %SYSDIR%\CLEAN3B28-1A3F.SYS Dropper hash(md5): d692af903a4904439b5fa90f58349e00 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Continue reading

Worm/Win32.IRCBot.R29095

Worm/Win32.IRCBot.R29095 also known as BScope.Trojan.Palevo.011, Win.Trojan.Gobot-20, Trojan.Win32.Generic!SB.0. Malware Analysis of Worm/Win32.IRCBot.R29095 – EKWDRZCUUG4.EXE Created files: %WINDIR%\EKWDRZCUUG4.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\P-WIN: “%WINDIR%\EKWDRZCUUG4.EXE” Detected by UnHackMe: EKWDRZCUUG4.EXE Default location: %WinDir%\EKWDRZCUUG4.EXE Dropper hash(md5): d682f969ee9d4854ec46351f155f9f20 Share This: UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera