WINUPDATE.EXE – Trojan Artemis


WINUPDATE.EXE – Trojan Artemis removal

File           MD5                               Virus Alias
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan Artemis
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan BadReputation
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan SuspiciousFile
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan Generic
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan Downloader
WINUPDATE.EXE  af70220e32d1fc00141f407780b63263  Trojan Siggen

WINUPDATE.EXE size: 33792 bytes
WINUPDATE.EXE hash: AF70220E32D1FC00141F407780B63263

Created files:

%UserProfile%\Local Settings\Application Data\Google\Update\gupdate.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\winupdate.exe
%UserProfile%\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NvUpdService: %Local AppData%\NVIDIA Corporation\Update\daemonupd.exe /app D18F5B0A90AE14FF9D3573E4CCC31978
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update: %Local AppData%\Google\Update\gupdate.exe /app D18F5B0A90AE14FF9D3573E4CCC31978

Detected by UnHackMe:

WINUPDATE.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\WINDOWS\WINUPDATE.EXE

Dropper information:
MD5: c402701cfa843c5664a665089454608b
File size: 37646 bytes
