XEPPYDN.EXE – Worm Autorun


XEPPYDN.EXE – Worm Autorun removal

File         MD5                               Virus Alias
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Worm Autorun
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Trojan Unknown.Suspicious.File
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Trojan Eldorado
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Trojan Vilsel
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Trojan Renos
XEPPYDN.EXE  b38a0151fe71fff6117fcc97f8ecd1a1  Trojan Agent

XEPPYDN.EXE size: 737280 bytes
XEPPYDN.EXE hash: B38A0151FE71FFF6117FCC97F8ECD1A1

Created files:


Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: kecpldatshibhqeywjfx.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: dupzshbrnzxnqwhyt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %TEMP%\kecpldatshibhqeywjfx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: xqnzulhzxlldiqdwtfa.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %TEMP%\mealfvqherqhlsewsd.exe .

Detected by UnHackMe:

XEPPYDN.EXE
Default location: %TEMP%\XEPPYDN.EXE

Dropper information:
MD5: 4431e7f9026124af0d61737d8466ad43
File size: 479232 bytes
