XHEEPZWWHRO.EXE – Trojan Vilsel

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

XHEEPZWWHRO.EXE – Trojan Vilsel removal

FileMD5Virus Alias
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Trojan Vilsel
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Trojan Generic
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Trojan Eldorado
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Trojan PAM
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Trojan Renos
XHEEPZWWHRO.EXE 07836748681d3c427dbe97f8a7061e38 Worm Autorun

XHEEPZWWHRO.EXE size: 327680 bytes
XHEEPZWWHRO.EXE hash: 07836748681D3C427DBE97F8A7061E38

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%TEMP%\dupzshbrnzxnqwhyt.exe
%TEMP%\kecpldatshibhqeywjfx.exe
%TEMP%\mealfvqherqhlsewsd.exe
%TEMP%\qmmbztsnofidlwmiixvpoj.exe
%TEMP%\wmgphvodyjgvxcmc.exe
%TEMP%\xeppydn.exe
%TEMP%\xheepzwwhro.exe
%TEMP%\xqnzulhzxlldiqdwtfa.exe
%TEMP%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: kecpldatshibhqeywjfx.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: dupzshbrnzxnqwhyt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %TEMP%\kecpldatshibhqeywjfx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: xqnzulhzxlldiqdwtfa.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %TEMP%\mealfvqherqhlsewsd.exe .

Detected by UnHackMe:

XHEEPZWWHRO.EXE
Default location: %TEMP%\XHEEPZWWHRO.EXE

Dropper information:
MD5: 4431e7f9026124af0d61737d8466ad43
File size: 479232 bytes

Leave a Reply