I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
WMGPHVODYJGVXCMC.EXE – Worm Autorun removal
| File | MD5 | Virus Alias |
|---|---|---|
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Worm Autorun |
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Trojan Generic |
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Trojan MLW |
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Trojan Eldorado |
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Trojan Downloader |
| WMGPHVODYJGVXCMC.EXE | 6a2ea8502fe92511e23ee5dd36e58490 | Trojan Siggen |
WMGPHVODYJGVXCMC.EXE size: 1040384 bytes
WMGPHVODYJGVXCMC.EXE hash: 6A2EA8502FE92511E23EE5DD36E58490
Created files:
%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe
%Temp%\dupzshbrnzxnqwhyt.exe
%Temp%\kecpldatshibhqeywjfx.exe
%Temp%\mealfvqherqhlsewsd.exe
%Temp%\qmmbztsnofidlwmiixvpoj.exe
%Temp%\wmgphvodyjgvxcmc.exe
%Temp%\xeppydn.exe
%Temp%\xheepzwwhro.exe
%Temp%\xqnzulhzxlldiqdwtfa.exe
%Temp%\zuthexvppfhbishcbpmfd.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %Temp%\kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %Temp%\xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %Temp%\xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: kecpldatshibhqeywjfx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %Temp%\xqnzulhzxlldiqdwtfa.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: zuthexvppfhbishcbpmfd.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %Temp%\zuthexvppfhbishcbpmfd.exe .
Detected by UnHackMe:
WMGPHVODYJGVXCMC.EXE
Default location: %SYSDIR%\WMGPHVODYJGVXCMC.EXE
Dropper information:
MD5: 6a2ea8502fe92511e23ee5dd36e58490
File size: 1040384 bytes