Solved! Use C.EXE (Virus Sality) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


C.EXE – Virus Sality removal

File   MD5                               Virus Alias
C.EXE  0119e70e60e0f2c1d9fdf426e6e63440  Virus Sality
C.EXE  0119e70e60e0f2c1d9fdf426e6e63440  Worm Vobfus
C.EXE  0119e70e60e0f2c1d9fdf426e6e63440  Trojan Krap
C.EXE  0119e70e60e0f2c1d9fdf426e6e63440  Worm Autorun
C.EXE  0119e70e60e0f2c1d9fdf426e6e63440  Trojan Agent

C.EXE size: 290816 bytes
C.EXE hash: 0119E70E60E0F2C1D9FDF426E6E63440

Created files:

C:\C.exe
C:\Documents and Settings\Documents and Settings.exe
%Program Files%\Program Files.exe
C:\Sandbox\Sandbox.exe
C:\System Volume Information\System Volume Information.exe
%WinDir%\Help\schedl.exe
%WinDir%\WINDOWS.exe
%Common DesktopDirectory%\Desktop.exe
%Common Documents%\My Music\My Music.exe
%Common Documents%\My Pictures\My Pictures.exe
%Common Documents%\My Videos\My Videos.exe
%Common Startmenu%\Programs\Programs.exe
%Common Startmenu%\Programs\Startup\Startup.exe
%Common Startmenu%\Start Menu.exe
%Personal%\Downloads\Downloads.exe
%Personal%\My Ducuments.exe
%Personal%\My Music\My Music.exe
%Personal%\My Pictures\My Pictures.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RUN\schedl: %WinDir%\Help\schedl.exe

Detected by UnHackMe:

C.EXE
Default location: C:\C.EXE

Dropper information:
MD5: 0119e70e60e0f2c1d9fdf426e6e63440
File size: 290816 bytes
