OFFICEUPDATE.EXE – Rootkit SpyEye

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

OFFICEUPDATE.EXE – Rootkit SpyEye removal

FileMD5Virus Alias
OFFICEUPDATE.EXE 1a7c2682cfbf3e95cdb794746744efed Rootkit SpyEye
OFFICEUPDATE.EXE 1a7c2682cfbf3e95cdb794746744efed Trojan Artemis
OFFICEUPDATE.EXE 1a7c2682cfbf3e95cdb794746744efed Trojan CI
OFFICEUPDATE.EXE 1a7c2682cfbf3e95cdb794746744efed Trojan ZBot

OFFICEUPDATE.EXE size: 1203009 bytes
OFFICEUPDATE.EXE hash: 1A7C2682CFBF3E95CDB794746744EFED

Created files:

%Program Files Common%\MSOfficeUpdt\OfficeUpdate.exe
%TEMP%\file.exe
%TEMP%\is-JD4KK.tmp\3300.exe
%TEMP%\is-JD4KK.tmp\rog\unins000.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Javau: %TEMP%\file.exeC:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1DFAGX: %Program Files Common%\MSOfficeUpdt\OfficeUpdate.exe

Detected by UnHackMe:

OFFICEUPDATE.EXE
Default location: %PROGRAM FILES COMMON%\MSOFFICEUPDT\OFFICEUPDATE.EXE

Dropper information:
MD5: 5a053e1e149aa349ac24306ab45011c8
File size: 9133285 bytes

Leave a Reply