Solved! Use OFFICE TOOLS.EXE (Worm Vobfus) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

OFFICE TOOLS.EXE – Worm Vobfus removal

FileMD5Virus Alias
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Worm Vobfus
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Generic
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Hllw
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Backdoor Maximus
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Agent
OFFICE TOOLS.EXE 8b474678cc1604b6651b97cdcf5b0430 Trojan Crypt

OFFICE TOOLS.EXE size: 25806 bytes
OFFICE TOOLS.EXE hash: 8B474678CC1604B6651B97CDCF5B0430

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Office Tools.exe
C:\TEST.exe
%SysDir%\SVCH0ST.EXE
D:\TEST.exe
%Common Startmenu%\Programs\Startup\Office Tools.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.pif
%Temp%\TEST.EXE
%Startup%\Office Tools.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE

Detected by UnHackMe:

OFFICE TOOLS.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\START MENU\PROGRAMS\STARTUP\OFFICE TOOLS.EXE

Dropper information:
MD5: d837a3506b400017c4532e1e49380d89
File size: 32389 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images