Solved! Use SANDBOX.EXE (Virus Sality) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SANDBOX.EXE – Virus Sality removal

File MD5 Virus Alias
SANDBOX.EXE 0119e70e60e0f2c1d9fdf426e6e63440 Virus Sality
SANDBOX.EXE 0119e70e60e0f2c1d9fdf426e6e63440 Worm Vobfus
SANDBOX.EXE 0119e70e60e0f2c1d9fdf426e6e63440 Trojan Krap
SANDBOX.EXE 0119e70e60e0f2c1d9fdf426e6e63440 Worm Autorun
SANDBOX.EXE 0119e70e60e0f2c1d9fdf426e6e63440 Trojan Agent

SANDBOX.EXE size: 290816 bytes
SANDBOX.EXE hash: 0119E70E60E0F2C1D9FDF426E6E63440

Created files:

C:\C.exe
C:\Documents and Settings\Documents and Settings.exe
%Program Files%\Program Files.exe
C:\Sandbox\Sandbox.exe
C:\System Volume Information\System Volume Information.exe
%WinDir%\Help\schedl.exe
%WinDir%\WINDOWS.exe
%Common DesktopDirectory%\Desktop.exe
%Common Documents%\My Music\My Music.exe
%Common Documents%\My Pictures\My Pictures.exe
%Common Documents%\My Videos\My Videos.exe
%Common Startmenu%\Programs\Programs.exe
%Common Startmenu%\Programs\Startup\Startup.exe
%Common Startmenu%\Start Menu.exe
%Personal%\Downloads\Downloads.exe
%Personal%\My Ducuments.exe
%Personal%\My Music\My Music.exe
%Personal%\My Pictures\My Pictures.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RUN\schedl: %WinDir%\Help\schedl.exe

Detected by UnHackMe:

SANDBOX.EXE
Default location: C:\SANDBOX\SANDBOX.EXE

Dropper information:
MD5: 0119e70e60e0f2c1d9fdf426e6e63440
File size: 290816 bytes

Leave a Reply