Solved! CIMWCO.EXE (Rootkit TDSS) Removal Guide


CIMWCO.EXE – Rootkit TDSS removal

File        MD5                               Virus Alias
CIMWCO.EXE  00aa301a9e7c9b4ddb877634840acfd0  Rootkit TDSS
CIMWCO.EXE  00aa301a9e7c9b4ddb877634840acfd0  Trojan SuspiciousFile
CIMWCO.EXE  00aa301a9e7c9b4ddb877634840acfd0  Trojan Generic
CIMWCO.EXE  00aa301a9e7c9b4ddb877634840acfd0  Trojan Downloader
CIMWCO.EXE  00aa301a9e7c9b4ddb877634840acfd0  Trojan Graftor

CIMWCO.EXE size: 73330 bytes
CIMWCO.EXE hash: 00AA301A9E7C9B4DDB877634840ACFD0

Created files:

%WinDir%\cimwco.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\Type: 10010000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\Start: 02000000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\DisplayName: Jklmno Qrstuvwx Abcdefgh Jklm
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\ImagePath: %WinDir%\cimwco.exe
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc\Description: Jklmnopq Stuvwxyab Defghij Lmnopqrs Uvw

Detected by UnHackMe:

CIMWCO.EXE
Default location: %WinDir%\CIMWCO.EXE

Dropper information:
MD5: 00aa301a9e7c9b4ddb877634840acfd0
File size: 73330 bytes
