Solved! Use ZER41.EXE (Unclassified Malware) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

ZER41.EXE – Unclassified Malware removal

ZER41.EXE size: 539136 bytes
ZER41.EXE hash: 5F386124C0CD7E9A76E2018B520D877A

Created files:

%Program Files%\Mozilla Firefox\firefox.caf
%Program Files%\MSN Gaming Zone\Windows\bckgzm.exe
%Program Files%\MSN Gaming Zone\Windows\chkrzm.exe
%Program Files%\MSN Gaming Zone\Windows\hrtzzm.exe
%Program Files%\Nc3C.exe
%Program Files%\NetMeeting\conf.hyw
%Program Files%\Windows NT\dialer.dle
%SysDir%\taskmgr.exe
%SysDir%\VBoxService.exe
%SysDir%\Winkhei.exe
%TEMP%\Bwu3D.exe
%TEMP%\Cjv43.exe
%TEMP%\Gsu3E.exe
%TEMP%\Jcu42.exe
%TEMP%\Pk3F.exe
%TEMP%\Qmq44.exe
%TEMP%\Ti40.exe
%TEMP%\Zer41.exe
\\VBOXSVR\in\Pct.exe
%Common AppData%\Microsoft\Dr Watson\user.dmp

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\I8H31f2X\Type: 10010000
HKLM\System\CurrentControlSet\Services\I8H31f2X\Start: 03000000
HKLM\System\CurrentControlSet\Services\I8H31f2X\DisplayName: I8H31f2X
HKLM\System\CurrentControlSet\Services\I8H31f2X\ImagePath: \\VBOXSVR\in\Pct.exe
HKLM\System\CurrentControlSet\Services\Winkhei\Type: 10010000
HKLM\System\CurrentControlSet\Services\Winkhei\Start: 02000000
HKLM\System\CurrentControlSet\Services\Winkhei\DisplayName: Winkhei
HKLM\System\CurrentControlSet\Services\Winkhei\ImagePath: %WinDir%\System32\Winkhei.exe

Detected by UnHackMe:

ZER41.EXE
Default location: %TEMP%\ZER41.EXE

Dropper information:
MD5: d689ff358141697884465d50b61ae6b0
File size: 380928 bytes

Leave a Reply