WINWORD2.DOC.EXE – Worm Autoit

WINWORD2.DOC.EXE – Worm Autoit removal

File MD5 Virus Alias
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Worm Autoit
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Trojan SuspiciousFile
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Trojan Generic
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Trojan Runner
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Worm Sohanat
WINWORD2.DOC.EXE 6b571a2feee0a72761e0ab0bc262455d Worm Autorun

WINWORD2.DOC.EXE size: 261566 bytes
WINWORD2.DOC.EXE hash: 6B571A2FEEE0A72761E0AB0BC262455D

Created files:

C:\Documents and Settings\Default User\Templates\winword.doc.exe
C:\Documents and Settings\Default User\Templates\winword.nal
C:\Documents and Settings\Default User\Templates\winword2.doc.exe
%SysDir%\msvbvm50.433
%SysDir%\msvbvm60.435
%SysDir%\myajmmyozbnav.exe
%SysDir%\pckhar.exe
%SysDir%\rrfwsldglz.exe
%SysDir%\stpznifm.exe
%SysDir%\tsowzdkltpoqbeu.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dcigtygo: rrfwsldglz.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\zmxsgyir: tsowzdkltpoqbeu.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : myajmmyozbnav.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname: VirusBenci
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname: VirusBenci

Detected by UnHackMe:

WINWORD2.DOC.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\TEMPLATES\WINWORD2.DOC.EXE

Dropper information:
MD5: 0a3b6f762dbc9b0e6de570117456554e
File size: 261550 bytes
