I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
VD2.EXE – Virus Madang removal
| File | MD5 | Virus Alias |
|---|---|---|
| VD2.EXE | eb31c19802fc0519e5f7438f202618ad | Virus Madang |
| VD2.EXE | eb31c19802fc0519e5f7438f202618ad | Trojan XPACK |
| VD2.EXE | eb31c19802fc0519e5f7438f202618ad | Trojan Generic |
VD2.EXE size: 10240 bytes
VD2.EXE hash: EB31C19802FC0519E5F7438F202618AD
Created files:
%Program Files%\Mozilla Firefox\firefox.xzg
%Program Files%\MSN Gaming Zone\Windows\bckgzm.exe
%Program Files%\MSN Gaming Zone\Windows\chkrzm.exe
%Program Files%\NetMeeting\conf.bew
%Program Files%\Vd2.exe
%Program Files%\Windows NT\dialer.ogm
%SysDir%\taskmgr.exe
%SysDir%\VBoxService.exe
%SysDir%\Winkber.exe
%TEMP%\Aph7.exe
%TEMP%\Cis3.exe
%TEMP%\Fcg5.exe
%TEMP%\Jnm4.exe
%TEMP%\Qzm9.exe
%TEMP%\Znf6.exe
%TEMP%\Ztr8.exe
\\VBOXSVR\in\Mdx.txt.exe
%Common AppData%\Microsoft\Dr Watson\user.dmp
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\T17894\Type: 10010000
HKLM\System\CurrentControlSet\Services\T17894\Start: 03000000
HKLM\System\CurrentControlSet\Services\T17894\DisplayName: T17894
HKLM\System\CurrentControlSet\Services\T17894\ImagePath: \\VBOXSVR\in\Mdx.txt.exe
HKLM\System\CurrentControlSet\Services\Winkber\Type: 10010000
HKLM\System\CurrentControlSet\Services\Winkber\Start: 02000000
HKLM\System\CurrentControlSet\Services\Winkber\DisplayName: Winkber
HKLM\System\CurrentControlSet\Services\Winkber\ImagePath: %WinDir%\System32\Winkber.exe
Detected by UnHackMe:
VD2.EXE
Default location: %PROGRAM FILES%\VD2.EXE
Dropper information:
MD5: d795150c8f7bcd7adc537ac3fc890204
File size: 90269 bytes