GWY31.EXE – Trojan SuspiciousFile

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

GWY31.EXE – Trojan SuspiciousFile removal

FileMD5Virus Alias
GWY31.EXE ce691cc84765574fe923cb5278a376c1 Trojan SuspiciousFile

GWY31.EXE size: 100352 bytes
GWY31.EXE hash: CE691CC84765574FE923CB5278A376C1

Created files:

%Program Files%\MSN Gaming Zone\Windows\bckgzm.exe
%Program Files%\MSN Gaming Zone\Windows\chkrzm.exe
%Program Files%\NetMeeting\conf.afw
%Program Files%\NetMeeting\conf.exe
%SysDir%\taskmgr.exe
%SysDir%\Winkxmp.exe
%TEMP%\Etc33.exe
%TEMP%\Ey30.exe
%TEMP%\Gwy31.exe
%TEMP%\Xn2F.exe
%TEMP%\Xrm32.exe
\\VBOXSVR\in\Gouz.txt.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Gnk0Js4\Type: 10010000
HKLM\System\CurrentControlSet\Services\Gnk0Js4\Start: 03000000
HKLM\System\CurrentControlSet\Services\Gnk0Js4\DisplayName: Gnk0Js4
HKLM\System\CurrentControlSet\Services\Gnk0Js4\ImagePath: \\VBOXSVR\in\Gouz.txt.exe
HKLM\System\CurrentControlSet\Services\Winkxmp\Type: 10010000
HKLM\System\CurrentControlSet\Services\Winkxmp\Start: 02000000
HKLM\System\CurrentControlSet\Services\Winkxmp\DisplayName: Winkxmp
HKLM\System\CurrentControlSet\Services\Winkxmp\ImagePath: %WinDir%\System32\Winkxmp.exe

Detected by UnHackMe:

GWY31.EXE
Default location: %TEMP%\GWY31.EXE

Dropper information:
MD5: ddb8a3ec1f7a8de8b502141a7af1df80
File size: 81376 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images