RWINDOWS.EXE – Trojan CoinMiner

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

RWINDOWS.EXE – Trojan CoinMiner removal

FileMD5Virus Alias
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan CoinMiner
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan Bitcoin
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan SuspiciousFile
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan Artemis
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan Generic
RWINDOWS.EXE a65a778ed0e1a928bb77c379bccb292f Trojan Graftor

RWINDOWS.EXE size: 1703648 bytes
RWINDOWS.EXE hash: A65A778ED0E1A928BB77C379BCCB292F

Created files:

C:\Downloads\Software_131231.exe
C:\rwindows\cgminer.exe
C:\rwindows\libcurl-4.dll
C:\rwindows\libeay32.dll
C:\rwindows\libidn-11.dll
C:\rwindows\librtmp.dll
C:\rwindows\libssh2.dll
C:\rwindows\rwindows.exe
C:\rwindows\scrypt130511.cl
C:\rwindows\ssleay32.dll
C:\rwindows\zlib1.dll
C:\temp\after.exe
C:\temp\cudaminer.exe
C:\temp\cudart32_50_35.dll
C:\temp\down.exe
C:\temp\libcurl-4.dll
C:\temp\minerd.exe
C:\temp\pthreadGC2.dll
C:\temp\pthreadVC2.dll
C:\temp\winstart_1312310410.exe
C:\temp\zlib1.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wstart: C:\temp\winstart_1312310410.exe

Detected by UnHackMe:

RWINDOWS.EXE
Default location: C:\RWINDOWS\RWINDOWS.EXE

Dropper information:
MD5: e57e9fcf8c90e8428a05206ae357b3bb
File size: 10648576 bytes

Leave a Reply