I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.
WINCIRL.COM – Worm Vobfus removal
| File | MD5 | Virus Alias |
|---|---|---|
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Worm Vobfus |
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Trojan Generic |
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Trojan Siggen |
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Virus Sality |
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Worm Pronny |
| WINCIRL.COM | d7876030295d0c615efdabe63f97eb20 | Trojan Crypt |
WINCIRL.COM size: 47232 bytes
WINCIRL.COM hash: D7876030295D0C615EFDABE63F97EB20
Created files:
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
C:\My Shared Documents.exe
%WinDir%\system\wincirl.com
%SysDir%\SVCH0ST.EXE
D:\Recycled.exe
\\vboxsrv\in\TEST.exe
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%Favorites%\Links\www.test.com
%Temp%\TEST.EXE
%Startup%\ .exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com
Detected by UnHackMe:
WINCIRL.COM
Default location: %WinDir%\SYSTEM\WINCIRL.COM
Dropper information:
MD5: d7876030295d0c615efdabe63f97eb20
File size: 47232 bytes