I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
RESIMLI.EXE – Backdoor Poison removal
| File | MD5 | Virus Alias |
|---|---|---|
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Backdoor Poison |
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Suspicious File |
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Trojan Generic |
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Trojan Downloader |
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Trojan Midgare |
| RESIMLI.EXE | eb1a2c8202d829d9ef0e1a21c76a8f11 | Trojan Agent |
RESIMLI.EXE size: 596862 bytes
RESIMLI.EXE hash: EB1A2C8202D829D9EF0E1A21C76A8F11
Created files:
%SysDir%\server.exe
%TEMP%\IXP000.TMP\resimli.exe
Autostart registry keys:
HKLM\Software\Microsoft\ACTIVE SETUP\INSTALLED COMPONENTS\{01D1CE6B-8E7E-3E4B-7C8E-16E4E634D0D6}\StubPath: %WinDir%\System32\win.com 2
HKLM\Software\Microsoft\Windows\CurrentVersion\RUN\win.com: %WinDir%\System32\win.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*win.com: %WinDir%\System32\win.com
HKCU\Software\Microsoft\Windows\CurrentVersion\RUN\win.com: %WinDir%\System32\win.com
HKCU\Software\Microsoft\Windows\CurrentVersion\RUNONCE\*win.com: %WinDir%\System32\win.com
Detected by UnHackMe:
RESIMLI.EXE
Default location: %TEMP%\IXP000.TMP\RESIMLI.EXE
Dropper information:
MD5: 1a0413390a363fedcadbace9fb3db65d
File size: 600064 bytes