Solved! Use FLW8.EXE (Virus Madang) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


FLW8.EXE – Virus Madang removal

File     MD5                              Virus Alias
FLW8.EXE eb31c19802fc0519e5f7438f202618ad Virus Madang
FLW8.EXE eb31c19802fc0519e5f7438f202618ad Trojan XPACK
FLW8.EXE eb31c19802fc0519e5f7438f202618ad Trojan Generic

FLW8.EXE size: 10240 bytes
FLW8.EXE hash: EB31C19802FC0519E5F7438F202618AD

Created files:

%Program Files%\Flw8.exe
%Program Files%\Mozilla Firefox\firefox.qni
%Program Files%\MSN Gaming Zone\Windows\bckgzm.exe
%Program Files%\MSN Gaming Zone\Windows\chkrzm.exe
%Program Files%\MSN Gaming Zone\Windows\hrtzzm.exe
%Program Files%\NetMeeting\conf.bgo
%Program Files%\Windows NT\dialer.tnb
%SysDir%\taskmgr.exe
%SysDir%\VBoxService.exe
%SysDir%\Winkej.exe
%TEMP%\AfjB.exe
%TEMP%\AmvE.exe
%TEMP%\Eaj11.exe
%TEMP%\GeC.exe
%TEMP%\JahF.exe
%TEMP%\JuvD.exe
%TEMP%\Kzb9.exe
%TEMP%\Rye10.exe
%TEMP%\ZvvA.exe
%Common AppData%\Microsoft\Dr Watson\user.dmp

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Winkej\Type: 10010000
HKLM\System\CurrentControlSet\Services\Winkej\Start: 02000000
HKLM\System\CurrentControlSet\Services\Winkej\DisplayName: Winkej
HKLM\System\CurrentControlSet\Services\Winkej\ImagePath: %WinDir%\System32\Winkej.exe

Detected by UnHackMe:

FLW8.EXE
Default location: %PROGRAM FILES%\FLW8.EXE

Dropper information:
MD5: c5d3846655fd50b514b62a9b631bf0d0
File size: 380928 bytes
