Solved! Use BARBER.EXE (Worm Autorun) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


BARBER.EXE – Worm Autorun removal

File        MD5                               Virus Alias
BARBER.EXE  84d8f06cd46c6eb102f8c8a293621140  Worm Autorun
BARBER.EXE  84d8f06cd46c6eb102f8c8a293621140  Trojan Generic
BARBER.EXE  84d8f06cd46c6eb102f8c8a293621140  Trojan Siggen
BARBER.EXE  84d8f06cd46c6eb102f8c8a293621140  Trojan Agent

BARBER.EXE size: 50441 bytes
BARBER.EXE hash: 84D8F06CD46C6EB102F8C8A293621140

Created files:

C:\FOUND.007.exe
C:\Msvbvm60.dll
%WinDir%\AE 0124 BE.exe
%WinDir%\AppPatch\AcAdProc.dll
%WinDir%\AppPatch\AcGenral.dll
%WinDir%\AppPatch\AcLayers.dll
%WinDir%\AppPatch\AcLua.dll
%WinDir%\AppPatch\AcSpecfc.dll
%WinDir%\AppPatch\AcXtrnal.dll
%WinDir%\AppPatch\apphelp.sdb
%WinDir%\AppPatch\apph_sp.sdb
%WinDir%\AppPatch\drvmain.sdb
%WinDir%\AppPatch\msimain.sdb
%WinDir%\AppPatch\sysmain.sdb
%WinDir%\Blue Lace 16.exe
%WinDir%\Coffee Bean.exe
%WinDir%\Cursors\appstar2.exe
%WinDir%\Cursors\appstar3.exe
%WinDir%\Cursors\appstart.exe
%WinDir%\Cursors\banana.exe
%WinDir%\Cursors\barber.exe
%WinDir%\Cursors\coin.exe
%WinDir%\Cursors\Msvbvm60.dll
%WinDir%\explorer.exe
%WinDir%\explorer.scf
%WinDir%\FeatherTexture.exe
%WinDir%\Gone Fishing.exe
%WinDir%\Greenstone.exe
%WinDir%\hh.exe
%WinDir%\imsins.BAK
%WinDir%\Msvbvm60.dll
%WinDir%\NOTEPAD.EXE
%WinDir%\Prairie Wind.exe
%WinDir%\regedit.exe
%WinDir%\REGLOCS.OLD
%WinDir%\Rhododendron.exe
%WinDir%\River Sumida.exe
%WinDir%\Santa Fe Stucco.exe
%WinDir%\Soap Bubbles.exe
%SysDir%\drivers\Msvbvm60.dll
%SysDir%\drivers\winlogon.exe
%SysDir%\Msvbvm60.dlll
%WinDir%\TASKMAN.EXE
%WinDir%\twain.dll
%WinDir%\twain_32.dll
%WinDir%\twunk_16.exe
%WinDir%\twunk_32.exe
%WinDir%\vmmreg32.dll
%WinDir%\winhelp.exe
%WinDir%\winhlp32.exe
%WinDir%\winnt.exe
%WinDir%\winnt256.exe
%WinDir%\WMSysPr9.prx
%WinDir%\Zapotec.exe
%WinDir%\_default.pif
D:\FOUND.007.exe
D:\Msvbvm60.dll

Detected by UnHackMe:

BARBER.EXE
Default location: %WinDir%\CURSORS\BARBER.EXE

Dropper information:
MD5: 6a5c88f4e435a86fef4cf139952a9f95
File size: 41826 bytes
