ZAPOTEC.EXE – Worm Autorun removal

ZAPOTEC.EXE size: 51303 bytes
ZAPOTEC.EXE hash: 15E43066F164F870FE92DE2EB239E309

Created files:

C:\FOUND.007.exe
C:\Msvbvm60.dll
%WinDir%\AE 0124 BE.exe
%WinDir%\AppPatch\AcAdProc.dll
%WinDir%\AppPatch\AcGenral.dll
%WinDir%\AppPatch\AcLayers.dll
%WinDir%\AppPatch\AcLua.dll
%WinDir%\AppPatch\AcSpecfc.dll
%WinDir%\AppPatch\AcXtrnal.dll
%WinDir%\AppPatch\apphelp.sdb
%WinDir%\AppPatch\apph_sp.sdb
%WinDir%\AppPatch\drvmain.sdb
%WinDir%\AppPatch\msimain.sdb
%WinDir%\AppPatch\sysmain.sdb
%WinDir%\Blue Lace 16.exe
%WinDir%\Coffee Bean.exe
%WinDir%\Cursors\appstar2.exe
%WinDir%\Cursors\appstar3.exe
%WinDir%\Cursors\appstart.exe
%WinDir%\Cursors\banana.exe
%WinDir%\Cursors\barber.exe
%WinDir%\Cursors\coin.exe
%WinDir%\Cursors\Msvbvm60.dll
%WinDir%\explorer.exe
%WinDir%\explorer.scf
%WinDir%\FeatherTexture.exe
%WinDir%\Gone Fishing.exe
%WinDir%\Greenstone.exe
%WinDir%\hh.exe
%WinDir%\imsins.BAK
%WinDir%\Msvbvm60.dll
%WinDir%\NOTEPAD.EXE
%WinDir%\Prairie Wind.exe
%WinDir%\regedit.exe
%WinDir%\REGLOCS.OLD
%WinDir%\Rhododendron.exe
%WinDir%\River Sumida.exe
%WinDir%\Santa Fe Stucco.exe
%WinDir%\Soap Bubbles.exe
%SysDir%\drivers\Msvbvm60.dll
%SysDir%\drivers\winlogon.exe
%SysDir%\Msvbvm60.dlll
%WinDir%\TASKMAN.EXE
%WinDir%\twain.dll
%WinDir%\twain_32.dll
%WinDir%\twunk_16.exe
%WinDir%\twunk_32.exe
%WinDir%\vmmreg32.dll
%WinDir%\winhelp.exe
%WinDir%\winhlp32.exe
%WinDir%\winnt.exe
%WinDir%\winnt256.exe
%WinDir%\WMSysPr9.prx
%WinDir%\Zapotec.exe
%WinDir%\_default.pif
D:\FOUND.007.exe
D:\Msvbvm60.dll

Detected by UnHackMe:

ZAPOTEC.EXE
Default location: %WinDir%\ZAPOTEC.EXE

Dropper information:
MD5: 6a5c88f4e435a86fef4cf139952a9f95
File size: 41826 bytes