I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.
MPLAYERW.EXE – Trojan Crypt removal
| File | MD5 | Virus Alias |
|---|---|---|
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan Crypt |
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan Generic |
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan Xema |
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan Comame |
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan PAM |
| MPLAYERW.EXE | d679edc5edb559a88263f53bc8a613b9 | Trojan Agent |
MPLAYERW.EXE size: 213600 bytes
MPLAYERW.EXE hash: D679EDC5EDB559A88263F53BC8A613B9
Created files:
C:\Windows\Help\intret.cnt
C:\Windows\Syssrc32.exe
C:\Windows\System\applets.exe
C:\Windows\System\Explorer.exe
C:\Windows\System\fndfst32.exe
C:\Windows\System\mplayerw.exe
C:\Windows\System\Sysexp32.exe
%Temp%\1D87B2.dmp
Autostart registry keys:
HKLM\Software\Classes\txtfile\shell\open\command\Explore: %SystemRoot%\System32\NOTEPAD.EXE %1
HKLM\Software\Classes\txtfile\shell\open\command : C:\Windows\System\Sysexp32.exe %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System applets: C:\Windows\System\applets.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Syssrc32: C:\Windows\Syssrc32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\fndfst32: C:\Windows\System\fndfst32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer Shell: C:\Windows\System\Explorer.exe
Detected by UnHackMe:
MPLAYERW.EXE
Default location: %WinDir%\SYSTEM\MPLAYERW.EXE
Dropper information:
MD5: 64092b65d2cd79275aa4f8354c7b99f0
File size: 184918 bytes