Solved! Use MY SHARED DOCUMENTS.EXE (Worm Vobfus) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

MY SHARED DOCUMENTS.EXE – Worm Vobfus removal

File MD5 Virus Alias
MY SHARED DOCUMENTS.EXE 724f6ac07e70c802ec319d4885a0895e Worm Vobfus
MY SHARED DOCUMENTS.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Generic
MY SHARED DOCUMENTS.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Siggen
MY SHARED DOCUMENTS.EXE 724f6ac07e70c802ec319d4885a0895e Worm Pronny
MY SHARED DOCUMENTS.EXE 724f6ac07e70c802ec319d4885a0895e Trojan Crypt

MY SHARED DOCUMENTS.EXE size: 47494 bytes
MY SHARED DOCUMENTS.EXE hash: 724F6AC07E70C802EC319D4885A0895E

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
C:\My Shared Documents.exe
%WinDir%\system\wincirl.com
%SysDir%\SVCH0ST.EXE
D:\Recycled.exe
\\vboxsrv\in\TEST.exe
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%Favorites%\Links\www.test.com
%Temp%\TEST.EXE
%Startup%\ .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com

Detected by UnHackMe:

MY SHARED DOCUMENTS.EXE
Default location: C:\MY SHARED DOCUMENTS.EXE

Dropper information:
MD5: d7876030295d0c615efdabe63f97eb20
File size: 47232 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images