I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
GWY31.EXE – Trojan SuspiciousFile removal
| File | MD5 | Virus Alias |
|---|---|---|
| GWY31.EXE | ce691cc84765574fe923cb5278a376c1 | Trojan SuspiciousFile |
GWY31.EXE size: 100352 bytes
GWY31.EXE hash: CE691CC84765574FE923CB5278A376C1
Created files:
%Program Files%\MSN Gaming Zone\Windows\bckgzm.exe
%Program Files%\MSN Gaming Zone\Windows\chkrzm.exe
%Program Files%\NetMeeting\conf.afw
%Program Files%\NetMeeting\conf.exe
%SysDir%\taskmgr.exe
%SysDir%\Winkxmp.exe
%TEMP%\Etc33.exe
%TEMP%\Ey30.exe
%TEMP%\Gwy31.exe
%TEMP%\Xn2F.exe
%TEMP%\Xrm32.exe
\\VBOXSVR\in\Gouz.txt.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\Gnk0Js4\Type: 10010000
HKLM\System\CurrentControlSet\Services\Gnk0Js4\Start: 03000000
HKLM\System\CurrentControlSet\Services\Gnk0Js4\DisplayName: Gnk0Js4
HKLM\System\CurrentControlSet\Services\Gnk0Js4\ImagePath: \\VBOXSVR\in\Gouz.txt.exe
HKLM\System\CurrentControlSet\Services\Winkxmp\Type: 10010000
HKLM\System\CurrentControlSet\Services\Winkxmp\Start: 02000000
HKLM\System\CurrentControlSet\Services\Winkxmp\DisplayName: Winkxmp
HKLM\System\CurrentControlSet\Services\Winkxmp\ImagePath: %WinDir%\System32\Winkxmp.exe
Detected by UnHackMe:
GWY31.EXE
Default location: %TEMP%\GWY31.EXE
Dropper information:
MD5: ddb8a3ec1f7a8de8b502141a7af1df80
File size: 81376 bytes