KSCAN.EXE – Worm Autorun

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

KSCAN.EXE – Worm Autorun removal

FileMD5Virus Alias
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Worm Autorun
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Trojan SuspiciousFile
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Trojan Eldorado
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Trojan Magania
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Trojan Siggen
KSCAN.EXE be0dc4cb00a86c2a10475e38522ee817 Trojan Agent

KSCAN.EXE size: 101376 bytes
KSCAN.EXE hash: BE0DC4CB00A86C2A10475E38522EE817

Created files:

%WinDir%\819E31C7\svchsot.exe
%SysDir%\kscan.exe
%TEMP%\ctfmov.exe
%TEMP%\Server.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\819E31C7: %WinDir%\819E31C7\svchsot.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljrq\Type: 10010000
HKLM\System\CurrentControlSet\Services\Nationaljrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationaljrq\DisplayName: Nationalyta Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationaljrq\ImagePath: %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljrq\Description: Providesmid a domain server for NI security.

Detected by UnHackMe:

KSCAN.EXE
Default location: %SYSDIR%\KSCAN.EXE

Dropper information:
MD5: d782d59f13c6237164473fe67237d7bd
File size: 174592 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images