WINUPDATE.EXE – Trojan Artemis

Alex NightWatcher

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WINUPDATE.EXE – Trojan Artemis removal

File	MD5	Virus Alias
WINUPDATE.EXE	e79ca49f23b2cb455e426ca9dffbee97	Trojan Artemis
WINUPDATE.EXE	e79ca49f23b2cb455e426ca9dffbee97	Trojan SuspiciousFile
WINUPDATE.EXE	e79ca49f23b2cb455e426ca9dffbee97	Trojan Generic
WINUPDATE.EXE	e79ca49f23b2cb455e426ca9dffbee97	Trojan Downloader

WINUPDATE.EXE size: 33792 bytes
WINUPDATE.EXE hash: E79CA49F23B2CB455E426CA9DFFBEE97

Created files:

%UserProfile%\Local Settings\Application Data\Google\Update\gupdate.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\winupdate.exe
%UserProfile%\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NvUpdService: %Local AppData%\NVIDIA Corporation\Update\daemonupd.exe /app D3E959B40E5A16A975A8B5098FC2A8FB
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update: %Local AppData%\Google\Update\gupdate.exe /app D3E959B40E5A16A975A8B5098FC2A8FB

Detected by UnHackMe:

WINUPDATE.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\WINDOWS\WINUPDATE.EXE

Dropper information:
MD5: 9d47c659ff7e982e099c339568d9f806
File size: 37686 bytes

Leave a Reply Cancel reply

You must be logged in to post a comment.