I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
WINVNC.EXE – Adware RemoteAdmin removal
File | MD5 | Virus Alias |
---|---|---|
WINVNC.EXE | ac5e6b891a09d5a41ea7f72a5df0a905 | Adware RemoteAdmin |
WINVNC.EXE | ac5e6b891a09d5a41ea7f72a5df0a905 | Adware WinVNC |
WINVNC.EXE size: 2015968 bytes
WINVNC.EXE hash: AC5E6B891A09D5A41EA7F72A5DF0A905
Created files:
%WinDir%\HMZ\authadmin.dll
%WinDir%\HMZ\authSSP.dll
%WinDir%\HMZ\check_install.exe
%WinDir%\HMZ\driver\driver\mv2.dll
%WinDir%\HMZ\driver\driver\mv2.sys
%WinDir%\HMZ\driver\setupdrv.exe
%WinDir%\HMZ\ldapauth.dll
%WinDir%\HMZ\ldapauth9x.dll
%WinDir%\HMZ\ldapauthnt4.dll
%WinDir%\HMZ\logging.dll
%WinDir%\HMZ\logmessages.dll
%WinDir%\HMZ\MSLogonACL.exe
%WinDir%\HMZ\MSRC4Plugin_for_sc.dsm
%WinDir%\HMZ\SCHook.dll
%WinDir%\HMZ\SecureVNCPlugin.dsm
%WinDir%\HMZ\setcad.exe
%WinDir%\HMZ\setpasswd.exe
%WinDir%\HMZ\unins000.msg
%WinDir%\HMZ\uvnc_settings.exe
%WinDir%\HMZ\vnchooks.dll
%WinDir%\HMZ\winvnc.exe
%WinDir%\HMZ\workgrpdomnt4.dll
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Type: 10000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Start: 02000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\DisplayName: /windows/hmz/die
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\ImagePath: “%WinDir%\HMZ\winvnc.exe” -service
HKLM\System\CurrentControlSet\Services\/windows/hmz/die\Description: Provides secure remote desktop sharing
Detected by UnHackMe:
WINVNC.EXE
Default location: %WinDir%\HMZ\WINVNC.EXE
Dropper information:
MD5: 62b0a04c4fe9bf3ea2bbe155e9534510
File size: 1492351 bytes