I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
WINUPDATE.EXE – Worm Ngrbot removal
File | MD5 | Virus Alias |
---|---|---|
WINUPDATE.EXE | 39e8d7e57cf5fe1ef5cc5c74a7c851f1 | Worm Ngrbot |
WINUPDATE.EXE | 39e8d7e57cf5fe1ef5cc5c74a7c851f1 | Trojan Ransom |
WINUPDATE.EXE | 39e8d7e57cf5fe1ef5cc5c74a7c851f1 | Trojan SuspiciousFile |
WINUPDATE.EXE | 39e8d7e57cf5fe1ef5cc5c74a7c851f1 | Backdoor RBot |
WINUPDATE.EXE | 39e8d7e57cf5fe1ef5cc5c74a7c851f1 | Trojan ZBot |
WINUPDATE.EXE size: 150016 bytes
WINUPDATE.EXE hash: 39E8D7E57CF5FE1EF5CC5C74A7C851F1
Created files:
%Local AppData%\Google\Update\gupdate.exe
%Local AppData%\Microsoft\Windows\winupdate.exe
%Local AppData%\NVIDIA Corporation\Update\daemonupd.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NvUpdService: %WinDir%\System32\config\Systemprofile\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe /app EA1CCE5CEC7B0B6AF6E1EC03F76D1AC0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update: %WinDir%\System32\config\Systemprofile\Local Settings\Application Data\Google\Update\gupdate.exe /app EA1CCE5CEC7B0B6AF6E1EC03F76D1AC0
Detected by UnHackMe:
WINUPDATE.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\WINDOWS\WINUPDATE.EXE
Dropper information:
MD5: 88196b7800b3050f550966f6e9b6e8f0
File size: 106695 bytes