Solved! Use SYSTEM VOLUME INFORMATION.EXE (Virus Sality) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe

SYSTEM VOLUME INFORMATION.EXE – Virus Sality removal

| File | MD5 | Virus Alias |
|---|---|---|
| SYSTEM VOLUME INFORMATION.EXE | 0119e70e60e0f2c1d9fdf426e6e63440 | Virus Sality |
| SYSTEM VOLUME INFORMATION.EXE | 0119e70e60e0f2c1d9fdf426e6e63440 | Worm Vobfus |
| SYSTEM VOLUME INFORMATION.EXE | 0119e70e60e0f2c1d9fdf426e6e63440 | Trojan Krap |
| SYSTEM VOLUME INFORMATION.EXE | 0119e70e60e0f2c1d9fdf426e6e63440 | Worm Autorun |
| SYSTEM VOLUME INFORMATION.EXE | 0119e70e60e0f2c1d9fdf426e6e63440 | Trojan Agent |

SYSTEM VOLUME INFORMATION.EXE size: 290816 bytes
SYSTEM VOLUME INFORMATION.EXE hash: 0119E70E60E0F2C1D9FDF426E6E63440

Created files:

C:\C.exe
C:\Documents and Settings\Documents and Settings.exe
%Program Files%\Program Files.exe
C:\Sandbox\Sandbox.exe
C:\System Volume Information\System Volume Information.exe
%WinDir%\Help\schedl.exe
%WinDir%\WINDOWS.exe
%Common DesktopDirectory%\Desktop.exe
%Common Documents%\My Music\My Music.exe
%Common Documents%\My Pictures\My Pictures.exe
%Common Documents%\My Videos\My Videos.exe
%Common Startmenu%\Programs\Programs.exe
%Common Startmenu%\Programs\Startup\Startup.exe
%Common Startmenu%\Start Menu.exe
%Personal%\Downloads\Downloads.exe
%Personal%\My Ducuments.exe
%Personal%\My Music\My Music.exe
%Personal%\My Pictures\My Pictures.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RUN\schedl: %WinDir%\Help\schedl.exe

Detected by UnHackMe:

SYSTEM VOLUME INFORMATION.EXE
Default location: C:\SYSTEM VOLUME INFORMATION\SYSTEM VOLUME INFORMATION.EXE

Dropper information:
MD5: 0119e70e60e0f2c1d9fdf426e6e63440
File size: 290816 bytes
