Solved! Use VBOXCERTUTIL.EXE (Virus Sality) Removal Guide

Virus No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

VBOXCERTUTIL.EXE – Virus Sality removal

File MD5 Virus Alias
VBOXCERTUTIL.EXE 18f8a13fdcc9f573a1d56f85dbf82842 Virus Sality
VBOXCERTUTIL.EXE 18f8a13fdcc9f573a1d56f85dbf82842 Trojan Downloader
VBOXCERTUTIL.EXE 18f8a13fdcc9f573a1d56f85dbf82842 Worm Tanatos

VBOXCERTUTIL.EXE size: 1373416 bytes
VBOXCERTUTIL.EXE hash: 18F8A13FDCC9F573A1D56F85DBF82842

Created files:

C:\2aa339
%WinDir%\dc.exe
%WinDir%\Help\Other.exe
%WinDir%\inf\Other.exe
%WinDir%\SVIQ.EXE
%WinDir%\system\Fun.exe
%SysDir%\config\Win.exe
%SysDir%\WinSit.exe
D:\2aa74b
D:\cert\VBoxCertUtil.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%\System32\WinSit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dc2k5: %WinDir%\SVIQ.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Fun: %WinDir%\System\Fun.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dc: %WinDir%\dc.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%\inf\Other.exe

Detected by UnHackMe:

VBOXCERTUTIL.EXE
Default location: D:\CERT\VBOXCERTUTIL.EXE

Dropper information:
MD5: 697eaedbe1bce295a00af689363b9293
File size: 151552 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images