NBBBBBB.EXE – Worm Palevo removal

NBBBBBB.EXE size: 28679 bytes
NBBBBBB.EXE hash: 241ED23768EE1E909C565CADB7E2F767

Created files:

%Program Files%\QQNews\QQNews.exe
%WinDir%\conime\iexplorer.exe
%WinDir%\conime\SSDT01.sys
%WinDir%\Cursors\taskhost.exe
%WinDir%\iklahbgj.exe
%WinDir%\kahiekjd.exe
%WinDir%\nabloskf.exe
%WinDir%\NBBBBBB.exe
%WinDir%\nlvabhdfj.exe
%WinDir%\pkablfn.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\S\Type: 01000000
HKLM\System\CurrentControlSet\Services\S\Start: 03000000
HKLM\System\CurrentControlSet\Services\S\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\S\DisplayName: S
HKLM\System\CurrentControlSet\Services\S\ImagePath: %WinDir%\conime\SSDT01.sys
HKLM\System\CurrentControlSet\Services\Schedulo\Type: 10010000
HKLM\System\CurrentControlSet\Services\Schedulo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Schedulo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Schedulo\DisplayName: Schedulo
HKLM\System\CurrentControlSet\Services\Schedulo\ImagePath: C:\Windows\Cursors\taskhost.exe Star
HKLM\System\CurrentControlSet\Services\Schedulo\ObjectName: LocalSystem
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QQNews: “%Program Files%\QQNews\QQNews.exe” /r 
-Software\Microsoft\Wind

Detected by UnHackMe:

NBBBBBB.EXE
Default location: %WinDir%\NBBBBBB.EXE

Dropper information:
MD5: 0bc5efed3004d1d5e1fc01aeee32a0d1
File size: 1862493 bytes