I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
NOD1.EXE – Worm Autorun removal
| File | MD5 | Virus Alias |
|---|---|---|
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Worm Autorun |
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Trojan Generic |
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Trojan Eldorado |
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Trojan Downloader |
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Trojan CI |
| NOD1.EXE | 053f9a3a2a2cf002df34200121b62804 | Backdoor Hupigon |
NOD1.EXE size: 22016 bytes
NOD1.EXE hash: 053F9A3A2A2CF002DF34200121B62804
Created files:
C:\misc.sys
%SysDir%\actmov.exe
%TEMP%\Bindok.exe
%TEMP%\IXP000.TMP\nod1.exe
%TEMP%\IXP000.TMP\SDT56218.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\Type: 01000000
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\Start: 03000000
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\DisplayName: ReStoreSdtSvc
HKLM\System\CurrentControlSet\Services\ReStoreSdtSvc\ImagePath: C:\misc.sys
HKLM\System\CurrentControlSet\Services\Windowsactmov\Type: 10010000
HKLM\System\CurrentControlSet\Services\Windowsactmov\Start: 02000000
HKLM\System\CurrentControlSet\Services\Windowsactmov\DisplayName: Performance Logs and Ale
HKLM\System\CurrentControlSet\Services\Windowsactmov\ImagePath: %WinDir%\System32\actmov.exe
Detected by UnHackMe:
NOD1.EXE
Default location: %TEMP%\IXP000.TMP\NOD1.EXE
Dropper information:
MD5: 16216c8dbd358031dbdee98fb1960c68
File size: 1272124 bytes