WINWORD.DOC.EXE – Worm Autoit

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WINWORD.DOC.EXE – Worm Autoit removal

FileMD5Virus Alias
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Worm Autoit
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Trojan SuspiciousFile
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Trojan Generic
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Trojan Runner
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Worm Sohanat
WINWORD.DOC.EXE 2e9cc286499c5e13184e3993edc8283a Worm Autorun

WINWORD.DOC.EXE size: 261582 bytes
WINWORD.DOC.EXE hash: 2E9CC286499C5E13184E3993EDC8283A

Created files:

C:\Documents and Settings\Default User\Templates\winword.doc.exe
C:\Documents and Settings\Default User\Templates\winword.nal
C:\Documents and Settings\Default User\Templates\winword2.doc.exe
%SysDir%\msvbvm50.433
%SysDir%\msvbvm60.435
%SysDir%\myajmmyozbnav.exe
%SysDir%\pckhar.exe
%SysDir%\rrfwsldglz.exe
%SysDir%\stpznifm.exe
%SysDir%\tsowzdkltpoqbeu.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dcigtygo: rrfwsldglz.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\zmxsgyir: tsowzdkltpoqbeu.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : myajmmyozbnav.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname: VirusBenci
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname: VirusBenci

Detected by UnHackMe:

WINWORD.DOC.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\TEMPLATES\WINWORD.DOC.EXE

Dropper information:
MD5: 0a3b6f762dbc9b0e6de570117456554e
File size: 261550 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images