Solved! Use WINCIRL.COM (Backdoor Maximus) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WINCIRL.COM – Backdoor Maximus removal

File MD5 Virus Alias
WINCIRL.COM 514519e465f309f99bd455f7d0826485 Backdoor Maximus
WINCIRL.COM 514519e465f309f99bd455f7d0826485 Trojan VBTrojan
WINCIRL.COM 514519e465f309f99bd455f7d0826485 Trojan Generic
WINCIRL.COM 514519e465f309f99bd455f7d0826485 Trojan Agent
WINCIRL.COM 514519e465f309f99bd455f7d0826485 Worm Pronny

WINCIRL.COM size: 138771 bytes
WINCIRL.COM hash: 514519E465F309F99BD455F7D0826485

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
%WinDir%\system\wincirl.com
%SysDir%\SVCH0ST.EXE
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%Favorites%\Links\www.test.com
%Startup%\ .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com

Detected by UnHackMe:

WINCIRL.COM
Default location: %WinDir%\SYSTEM\WINCIRL.COM

Dropper information:
MD5: 514519e465f309f99bd455f7d0826485
File size: 138771 bytes

Leave a Reply