Solved! Use MSWFO32.EXE (Trojan Agent) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

MSWFO32.EXE – Trojan Agent removal

File MD5 Virus Alias
MSWFO32.EXE e2ec3733505528c0aa3d7e38ee2fcf0d Trojan Agent
MSWFO32.EXE e2ec3733505528c0aa3d7e38ee2fcf0d Trojan Small

MSWFO32.EXE size: 289709 bytes
MSWFO32.EXE hash: E2EC3733505528C0AA3D7E38EE2FCF0D

Created files:

%WinDir%\svchost.exe
%SysDir%\concp32.exe
%SysDir%\explorer.exe
%SysDir%\mswfo32.exe
%SysDir%\vcl32.exe

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{E4883584-8B9A-11D5-EBA1-F78EEEEEE983}\StubPath: mswfo32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VCL: vcl32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VCL: vcl32.exe

Detected by UnHackMe:

MSWFO32.EXE
Default location: %SYSDIR%\MSWFO32.EXE

Dropper information:
MD5: 5c63316b3ee3c805ef141f171f18303d
File size: 260213 bytes

Leave a Reply