Solved! Use WINWORD2.DOC.EXE (Worm Autoit) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WINWORD2.DOC.EXE – Worm Autoit removal

File MD5 Virus Alias
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Worm Autoit
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Trojan Generic
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Trojan Runner
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Trojan Downloader
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Worm Sohanat
WINWORD2.DOC.EXE 5dc8a05c37fb5426f6edd40f16692c30 Worm Autorun

WINWORD2.DOC.EXE size: 261583 bytes
WINWORD2.DOC.EXE hash: 5DC8A05C37FB5426F6EDD40F16692C30

Created files:

C:\Documents and Settings\Default User\Templates\winword.doc.exe
C:\Documents and Settings\Default User\Templates\winword.nal
C:\Documents and Settings\Default User\Templates\winword2.doc.exe
C:\Documents and Settings\Default User\Templates\winword2.nal
%SysDir%\msvbvm50.698
%SysDir%\msvbvm60.340
%SysDir%\mzuchrycbn.exe
%SysDir%\nhsirxoq.exe
%SysDir%\pckhar.exe
%SysDir%\szqewnqojqxthra.exe
%SysDir%\whpimagerphuj.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\iccbrdrb: mzuchrycbn.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\rurrekcn: szqewnqojqxthra.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : whpimagerphuj.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname: VirusBenci
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname: VirusBenci

Detected by UnHackMe:

WINWORD2.DOC.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\TEMPLATES\WINWORD2.DOC.EXE

Dropper information:
MD5: 9043ae71cf504d04e0d0ebd3bee2e272
File size: 261550 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images