VBOXCERTUTIL.EXE – Virus Sality

VBOXCERTUTIL.EXE – Virus Sality removal

File              MD5                               Virus Alias
VBOXCERTUTIL.EXE  4c30f031488f58e88c88320835c06199  Virus Sality
VBOXCERTUTIL.EXE  4c30f031488f58e88c88320835c06199  Worm Tanatos

VBOXCERTUTIL.EXE size: 1355040 bytes
VBOXCERTUTIL.EXE hash: 4C30F031488F58E88C88320835C06199

Created files:

C:\1716b9
%WinDir%\regsvr.exe
%SysDir%\28463\svchost.001
%SysDir%\28463\svchost.exe
%SysDir%\regsvr.exe
%SysDir%\svchost .exe
D:\171ac1
D:\cert\VBoxCertUtil.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost Agent: %WinDir%\System32\28463\svchost.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe regsvr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Msn Messsenger: %WinDir%\System32\regsvr.exe

Detected by UnHackMe:

VBOXCERTUTIL.EXE
Default location: D:\CERT\VBOXCERTUTIL.EXE

Dropper information:
MD5: ceaf4d9e1f408299144e75d7f29c1810
File size: 997537 bytes
