WATERMARK.EXE – Trojan ZBot


WATERMARK.EXE – Trojan ZBot removal

File           MD5                               Virus   Alias
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Trojan  ZBot
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Trojan  Generic
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Trojan  Eldorado
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Trojan  Panda
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Worm    AMN
WATERMARK.EXE  018cef5b991846cc36670d0a505b3dd8  Worm    Autorun

WATERMARK.EXE size: 201645 bytes
WATERMARK.EXE hash: 018CEF5B991846CC36670D0A505B3DD8

Created files:

%Program Files%\Microsoft\WaterMark.exe
%Common AppData%\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
%UserProfile%\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
%UserProfile%\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
%UserProfile%\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
%UserProfile%\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\chrome.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: c:\windows\System32\userinit.exe,,c:\program files\Microsoft\watermark.exe

Detected by UnHackMe:

WATERMARK.EXE
Default location: %PROGRAM FILES%\MICROSOFT\WATERMARK.EXE

Dropper information:
MD5: 018cef5b991846cc36670d0a505b3dd8
File size: 201645 bytes
