W32/Trojan.FEBD-8784

Trojan No Comments

Dmitry Sokolov recommends UnHackMe!

UnHackMe is a powerful tool against malware.

UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved! 5 Stars (5 / 5)

W32/Trojan.FEBD-8784 also known as backdoor.win32.simda.a, W32/Injector.CYIA!tr, Trojan ( 004ef1341 ).

Malware Analysis of W32/Trojan.FEBD-8784 – WINDOVVSCONFIG.EXE

Created files:

%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%APPDATA%\WINDCONF\WINDCONF
%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE

Autostart registry keys:

HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{DD64DA1A-BDBE-E3DF-A3B2-B9C2FE54FBEA}\STUBPATH: “%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: “%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE”
HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{DD64DA1A-BDBE-E3DF-A3B2-B9C2FE54FBEA}\STUBPATH: “%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: “%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE”

Detected by UnHackMe:

WINDOVVSCONFIG.EXE
DEFAULT LOCATION: %APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE

Dropper hash(md5): 59842ed853665df5a7af9e3eae50bd9c

Written by 

Malware Hunter.

UnHackMe removes malware invisible for your antivirus!

Free Download

1
UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.

Tatva WordPress theme by IdeaBox

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera