Solved! Use 64.EXE (Worm Palevo) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

64.EXE – Worm Palevo removal

FileMD5Virus Alias
64.EXE c43aebf67560612465371ed13edab1fa Worm Palevo
64.EXE c43aebf67560612465371ed13edab1fa Trojan Generic
64.EXE c43aebf67560612465371ed13edab1fa Trojan Downloader
64.EXE c43aebf67560612465371ed13edab1fa Trojan Graftor
64.EXE c43aebf67560612465371ed13edab1fa Trojan Agent
64.EXE c43aebf67560612465371ed13edab1fa Trojan AVKill

64.EXE size: 187392 bytes
64.EXE hash: C43AEBF67560612465371ED13EDAB1FA

Created files:

%WinDir%\Help\64.exe
%WinDir%\Help\cssrss.exe
%WinDir%\Help\WStemp.vbs
%WinDir%\Temp\HostService.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\iCount\Type: 10010000
HKLM\System\CurrentControlSet\Services\iCount\Start: 02000000
HKLM\System\CurrentControlSet\Services\iCount\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\iCount\DisplayName: iCount
HKLM\System\CurrentControlSet\Services\iCount\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\iCount\Description: ????????
HKLM\System\CurrentControlSet\Services\iCount\SBIE_Win32ExitCode: 02000000
HKLM\System\CurrentControlSet\Services\iCount\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00540065006D0070005C0048006F007300740053006500720076006900630065002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\iCount\Parameters\ServiceMain: ServiceMain

Detected by UnHackMe:

64.EXE
Default location: %WinDir%\HELP\64.EXE

Dropper information:
MD5: ebf59b34fd1ab3a0eed3853a69b7c98c
File size: 340775 bytes

Leave a Reply