WINUPDATE.EXE – Trojan Downloader

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WINUPDATE.EXE – Trojan Downloader removal

FileMD5Virus Alias
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan Downloader
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan SuspiciousFile
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan Generic
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan Siggen
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan Agent
WINUPDATE.EXE ea80e31ef10b9766bd8f24b97de8e9f7 Trojan ZBot

WINUPDATE.EXE size: 33792 bytes
WINUPDATE.EXE hash: EA80E31EF10B9766BD8F24B97DE8E9F7

Created files:

%Local AppData%\Google\Update\gupdate.exe
%Local AppData%\Microsoft\Windows\winupdate.exe
%Local AppData%\NVIDIA Corporation\Update\daemonupd.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NvUpdService: %WinDir%\System32\config\Systemprofile\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe /app CBFBE7913AD734CD45487BA471251013
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update: %WinDir%\System32\config\Systemprofile\Local Settings\Application Data\Google\Update\gupdate.exe /app CBFBE7913AD734CD45487BA471251013

Detected by UnHackMe:

WINUPDATE.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\WINDOWS\WINUPDATE.EXE

Dropper information:
MD5: 250d3b6d04f1fa02368b7bcf5e9e6742
File size: 37663 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images