DELLPLG.EXE – Worm AMN

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

DELLPLG.EXE – Worm AMN removal

File MD5 Virus Alias
DELLPLG.EXE 30f3680e007d924960fd65524de36601 Worm AMN

DELLPLG.EXE size: 731136 bytes
DELLPLG.EXE hash: 30F3680E007D924960FD65524DE36601

Created files:

C:\cleanup.exe
%SysDir%\dellplg.exe
%SysDir%\drivers\wrrwrl.sys
C:\zip.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup: C:\cleanup.exe
HKLM\System\CurrentControlSet\Services\kwgbzoa\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C00770072007200770072006C002E007300790073000000
HKLM\System\CurrentControlSet\Services\kwgbzoa\Type: 01000000
HKLM\System\CurrentControlSet\Services\kwgbzoa\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\kwgbzoa\kmeos: \??\%Program Files%\atzlnzup.txt
HKLM\System\CurrentControlSet\Services\kwgbzoa\sgbqb: %WinDir%
HKLM\System\CurrentControlSet\Services\kwgbzoa\fzifv: 60F50200
HKLM\System\CurrentControlSet\Services\kwgbzoa\Group: hwiycfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lansuport: “293E245045FDD797EB02FED2F948DF13.EXE” -no

Detected by UnHackMe:

DELLPLG.EXE
Default location: %SYSDIR%\DELLPLG.EXE

Dropper information:
MD5: 293e245045fdd797eb02fed2f948df13
File size: 958976 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images