I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
BALL.EXE – Worm Palevo removal
| File | MD5 | Virus Alias |
|---|---|---|
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Worm Palevo |
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Trojan, Suspicious File |
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Trojan Generic |
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Trojan Eldorado |
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Trojan Magania |
| BALL.EXE | ee458be8ef1950c232cec0c301468522 | Trojan Siggen |
BALL.EXE size: 315922 bytes
BALL.EXE hash: EE458BE8EF1950C232CEC0C301468522
Created files:
%WinDir%\Ball.exe
%WinDir%\temp\zk.exe
%Common Startmenu%\Programs\Startup\Ball.exe
%Temp%\IXP000.TMP\server.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 “%Temp%\IXP000.TMP\”
HKLM\System\CurrentControlSet\Services\Ball\20111030213825\Group: MY VIp
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Ball: %WinDir%\Ball.exe
Detected by UnHackMe:
BALL.EXE
Default location: %WinDir%\BALL.EXE
Dropper information:
MD5: 64ada0f66869ffbf863ddd7355ab4375
File size: 216576 bytes