OCVBB.EXE – Trojan DNSChanger

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

OCVBB.EXE – Trojan DNSChanger removal

FileMD5Virus Alias
OCVBB.EXE 14b3963b6c5d96671ce16743719367e9 Trojan DNSChanger
OCVBB.EXE 14b3963b6c5d96671ce16743719367e9 Trojan Eldorado
OCVBB.EXE 14b3963b6c5d96671ce16743719367e9 Trojan Downloader
OCVBB.EXE 14b3963b6c5d96671ce16743719367e9 Trojan Crypt

OCVBB.EXE size: 34863 bytes
OCVBB.EXE hash: 14B3963B6C5D96671CE16743719367E9

Created files:

%SysDir%\kernel32.exe
%SysDir%\ocvbb.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer: 85.255.116.67 85.255.112.71
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NameServer: 85.255.116.67 85.255.112.71
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CAF79F3-7B39-4653-9DDB-483419D23C12}\NameServer: 85.255.116.67,85.255.112.71
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CAF79F3-7B39-4653-9DDB-483419D23C12}\DhcpNameServer: 85.255.116.67,85.255.112.71
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4AF5AD9-358D-4F1B-920C-0AF544486F26}\NameServer: 85.255.116.67,85.255.112.71
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4AF5AD9-358D-4F1B-920C-0AF544486F26}\DhcpNameServer: 85.255.116.67,85.255.112.71

Detected by UnHackMe:

OCVBB.EXE
Default location: %SYSDIR%\OCVBB.EXE

Dropper information:
MD5: 14b3963b6c5d96671ce16743719367e9
File size: 34863 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images