EXPOR.EXE – Worm Autorun

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

EXPOR.EXE – Worm Autorun removal

FileMD5Virus Alias
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Worm Autorun
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan SuspiciousFile
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Generic
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Hllw
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Downloader
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Agent

EXPOR.EXE size: 26112 bytes
EXPOR.EXE hash: 4A8CC6F40BBB9DBB03BFD7943790086E

Created files:

%TEMP%\Expor.exe
%TEMP%\NtHid.sys

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\bits\Start: 02000000
HKLM\System\CurrentControlSet\Services\NtHid\Type: 01000000
HKLM\System\CurrentControlSet\Services\NtHid\Start: 03000000
HKLM\System\CurrentControlSet\Services\NtHid\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NtHid\DisplayName: NtHid
HKLM\System\CurrentControlSet\Services\NtHid\ImagePath: %TEMP%\NtHid.sys

Detected by UnHackMe:

EXPOR.EXE
Default location: %TEMP%\EXPOR.EXE

Dropper information:
MD5: d71dd57926ba566da1373952d8bbfbf5
File size: 3046400 bytes

Leave a Reply