REGSVR.EXE – Virus Sality

Virus No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

REGSVR.EXE – Virus Sality removal

File MD5 Virus Alias
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Virus Sality
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Trojan SuspiciousFile
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Worm Autoit
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Worm Autorun
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Trojan Siggen
REGSVR.EXE ceaf4d9e1f408299144e75d7f29c1810 Trojan Crypt

REGSVR.EXE size: 997537 bytes
REGSVR.EXE hash: CEAF4D9E1F408299144E75D7F29C1810

Created files:

C:\1716b9
%WinDir%\regsvr.exe
%SysDir%\28463\svchost.001
%SysDir%\28463\svchost.exe
%SysDir%\regsvr.exe
%SysDir%\svchost .exe
D:\171ac1
D:\cert\VBoxCertUtil.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost Agent: %WinDir%\System32\28463\svchost.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe regsvr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Msn Messsenger: %WinDir%\System32\regsvr.exe

Detected by UnHackMe:

REGSVR.EXE
Default location: %WinDir%\REGSVR.EXE

Dropper information:
MD5: ceaf4d9e1f408299144e75d7f29c1810
File size: 997537 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images