OFFICEUPDATE.EXE – Rootkit SpyEye

Alex NightWatcher

Rootkits No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

OFFICEUPDATE.EXE – Rootkit SpyEye removal

File	MD5	Virus Alias
OFFICEUPDATE.EXE	1a7c2682cfbf3e95cdb794746744efed	Rootkit SpyEye
OFFICEUPDATE.EXE	1a7c2682cfbf3e95cdb794746744efed	Trojan Artemis
OFFICEUPDATE.EXE	1a7c2682cfbf3e95cdb794746744efed	Trojan CI
OFFICEUPDATE.EXE	1a7c2682cfbf3e95cdb794746744efed	Trojan ZBot

OFFICEUPDATE.EXE size: 1203009 bytes
OFFICEUPDATE.EXE hash: 1A7C2682CFBF3E95CDB794746744EFED

Created files:

%Program Files Common%\MSOfficeUpdt\OfficeUpdate.exe
%TEMP%\file.exe
%TEMP%\is-JD4KK.tmp\3300.exe
%TEMP%\is-JD4KK.tmp\rog\unins000.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Javau: %TEMP%\file.exeC:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1DFAGX: %Program Files Common%\MSOfficeUpdt\OfficeUpdate.exe

Detected by UnHackMe:

OFFICEUPDATE.EXE
Default location: %PROGRAM FILES COMMON%\MSOFFICEUPDT\OFFICEUPDATE.EXE

Dropper information:
MD5: 5a053e1e149aa349ac24306ab45011c8
File size: 9133285 bytes

Leave a Reply Cancel reply

You must be logged in to post a comment.