OOCR.EXE – Trojan Agent

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

OOCR.EXE – Trojan Agent removal

FileMD5Virus Alias
OOCR.EXE 1d1266762a5ef16dacd1a43627a13c2f Trojan Agent
OOCR.EXE 1d1266762a5ef16dacd1a43627a13c2f Trojan Click

OOCR.EXE size: 266240 bytes
OOCR.EXE hash: 1D1266762A5EF16DACD1A43627A13C2F

Created files:

C:\CONFIG.SYS
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak
C:\Documents and Settings\Default User\SendTo\Compressed (zipped) Folder.ZFSendToTarget
C:\Documents and Settings\Default User\SendTo\Desktop (create shortcut).DeskLink
C:\Documents and Settings\Default User\SendTo\Mail Recipient.MAPIMail
C:\Documents and Settings\Default User\Templates\amipro.sam
C:\Documents and Settings\Default User\Templates\lotus.wk4
C:\Documents and Settings\Default User\Templates\powerpnt.ppt
C:\Documents and Settings\Default User\Templates\presenta.shw
C:\Documents and Settings\Default User\Templates\quattro.wb2
C:\Documents and Settings\Default User\Templates\wordpfct.wpd
C:\Documents and Settings\Default User\Templates\wordpfct.wpg
C:\pk.bin
C:\rinst.exe
C:\svchost.exe
C:\svchosthk.dll
C:\svchostwb.dll
%TEMP%\RarSFX0\OOCR.exe
%TEMP%\RarSFX0\pk.bin
%TEMP%\RarSFX0\rinst.exe
%TEMP%\RarSFX0\svchost.exe
%TEMP%\RarSFX0\svchosthk.dll
%TEMP%\RarSFX0\svchostwb.dll

Detected by UnHackMe:

OOCR.EXE
Default location: %TEMP%\RARSFX0\OOCR.EXE

Dropper information:
MD5: 83adb3952c225d45a0feeededeef7a83
File size: 331836 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images