EXPOR.EXE – Worm Autorun

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

EXPOR.EXE – Worm Autorun removal

FileMD5Virus Alias
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Worm Autorun
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan SuspiciousFile
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Generic
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Hllw
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Downloader
EXPOR.EXE 4a8cc6f40bbb9dbb03bfd7943790086e Trojan Agent

EXPOR.EXE size: 26112 bytes
EXPOR.EXE hash: 4A8CC6F40BBB9DBB03BFD7943790086E

Created files:

%TEMP%\011416.exe
%TEMP%\Expor.exe
%TEMP%\NtHid.sys

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\bits\Start: 02000000
HKLM\System\CurrentControlSet\Services\NtHid\Type: 01000000
HKLM\System\CurrentControlSet\Services\NtHid\Start: 03000000
HKLM\System\CurrentControlSet\Services\NtHid\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NtHid\DisplayName: NtHid
HKLM\System\CurrentControlSet\Services\NtHid\ImagePath: %TEMP%\NtHid.sys

Detected by UnHackMe:

EXPOR.EXE
Default location: %TEMP%\EXPOR.EXE

Dropper information:
MD5: 49c5343a0cd8c6a22337cb18a58966d9
File size: 7383552 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images