Solved! Use .EXE (Worm Vobfus) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

.EXE – Worm Vobfus removal

File MD5 Virus Alias
.EXE 724f6ac07e70c802ec319d4885a0895e Worm Vobfus
.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Generic
.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Siggen
.EXE 724f6ac07e70c802ec319d4885a0895e Worm Pronny
.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Crypt

.EXE size: 47494 bytes
.EXE hash: 724F6AC07E70C802EC319D4885A0895E

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
C:\My Shared Documents.exe
%WinDir%\system\wincirl.com
%SysDir%\SVCH0ST.EXE
D:\Recycled.exe
\\vboxsrv\in\TEST.exe
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%Favorites%\Links\www.test.com
%Temp%\TEST.EXE
%Startup%\ .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com

Detected by UnHackMe:

.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\START MENU\PROGRAMS\STARTUP\ .EXE

Dropper information:
MD5: d7876030295d0c615efdabe63f97eb20
File size: 47232 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images