Worm Autorun – dupzshbrnzxnqwhyt.exe – 0632ec57518dd9262f38ffbb6eb4d711

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Worm Autorun
Also known as: Trojan Eldorado, Trojan Generic
SHA256: 693e6cc52c955f44bfc23c7c9194c1bc26ac23e933a8348c4b4b927d3744a12f
SHA1: 6fdf203c976d6571b5131cf8c6bc96fb820dfa42
MD5: 0632ec57518dd9262f38ffbb6eb4d711
File size: 507904 bytes

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe – Worm Autorun
%WinDir%\kecpldatshibhqeywjfx.exe – Worm Autorun
%WinDir%\mealfvqherqhlsewsd.exe – Worm Autorun
%WinDir%\qmmbztsnofidlwmiixvpoj.exe – Worm Autorun
%SysDir%\dupzshbrnzxnqwhyt.exe – Worm Autorun
%SysDir%\kecpldatshibhqeywjfx.exe – Worm Autorun
%SysDir%\mealfvqherqhlsewsd.exe – Worm Autorun
%SysDir%\qmmbztsnofidlwmiixvpoj.exe – Worm Autorun
%SysDir%\wmgphvodyjgvxcmc.exe – Worm Autorun
%SysDir%\xqnzulhzxlldiqdwtfa.exe – Worm Autorun
%SysDir%\zuthexvppfhbishcbpmfd.exe – Worm Autorun
%WinDir%\wmgphvodyjgvxcmc.exe – Worm Autorun
%WinDir%\xqnzulhzxlldiqdwtfa.exe – Worm Autorun
%WinDir%\zuthexvppfhbishcbpmfd.exe – Worm Autorun
%Temp%\dupzshbrnzxnqwhyt.exe – Worm Autorun
%Temp%\kecpldatshibhqeywjfx.exe – Worm Autorun
%Temp%\mealfvqherqhlsewsd.exe – Worm Autorun
%Temp%\qmmbztsnofidlwmiixvpoj.exe – Worm Autorun
%Temp%\wmgphvodyjgvxcmc.exe – Worm Autorun
%Temp%\xheepzwwhro.exe – Worm Autorun
%Temp%\xqnzulhzxlldiqdwtfa.exe – Worm Autorun
%Temp%\zuthexvppfhbishcbpmfd.exe – Worm Autorun

Worm Autorun created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %Temp%\mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %Temp%\dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %Temp%\wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: xqnzulhzxlldiqdwtfa.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %Temp%\mealfvqherqhlsewsd.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: mealfvqherqhlsewsd.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %Temp%\dupzshbrnzxnqwhyt.exe .

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images