Solved! Use TEST.EXE (Worm Vobfus) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

TEST.EXE – Worm Vobfus removal

FileMD5Virus Alias
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Worm Vobfus
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Generic
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Hllw
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Backdoor Maximus
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Agent
TEST.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Crypt

TEST.EXE size: 25806 bytes
TEST.EXE hash: 8B474678CC1604B6651B97CDCF5B0430

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Office Tools.exe
C:\TEST.exe
%SysDir%\SVCH0ST.EXE
D:\TEST.exe
%Common Startmenu%\Programs\Startup\Office Tools.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.pif
%Temp%\TEST.EXE
%Startup%\Office Tools.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE

Detected by UnHackMe:

TEST.EXE
Default location: D:\TEST.EXE

Dropper information:
MD5: d837a3506b400017c4532e1e49380d89
File size: 32389 bytes

Leave a Reply