Fake Antivirus Winwebsec – 20803e.sys – 522bbef4d4ff36105c94db057ae9f44e


Fake Antivirus Winwebsec
Also known as: Trojan ZBot, Trojan FakeAV
SHA256: ef5dbe128ea65c7ec02d4122a2f18529bc6401d7d550d11ff09197def375b5c2
SHA1: 36d2b93adb43a7e458651f32c7650cc5ae6e93b7
MD5: 522bbef4d4ff36105c94db057ae9f44e
File size: 508040 bytes

Created files:

%SysDir%\drivers\20803e.sys – Fake Antivirus Winwebsec
%Local AppData%\d4e5baa17eb356e.exe – Fake Antivirus Winwebsec

Fake Antivirus Winwebsec created autostart registry keys:

HKLM\System\CurrentControlSet\Services\20803e\Type: 01000000
HKLM\System\CurrentControlSet\Services\20803e\Start: 01000000
HKLM\System\CurrentControlSet\Services\20803e\DisplayName: d4e5baa17eb356e.exe
HKLM\System\CurrentControlSet\Services\20803e\ImagePath: %WinDir%\System32\drivers\20803e.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d4e5baa17eb356e.exe: %Local AppData%\d4e5baa17eb356e.exe
