Solved! Use SVCH0ST.EXE (Worm Vobfus) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SVCH0ST.EXE – Worm Vobfus removal

File MD5 Virus Alias
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Worm Vobfus
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Trojan Generic
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Trojan Siggen
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Virus Sality
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Worm Pronny
SVCH0ST.EXE d7876030295d0c615efdabe63f97eb20 Trojan Crypt

SVCH0ST.EXE size: 47232 bytes
SVCH0ST.EXE hash: D7876030295D0C615EFDABE63F97EB20

Created files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ .exe
C:\My Shared Documents.exe
%WinDir%\system\wincirl.com
%SysDir%\SVCH0ST.EXE
D:\Recycled.exe
\\vboxsrv\in\TEST.exe
%Common Startmenu%\Programs\Startup\ .exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\TEST.exe
%Favorites%\Links\www.test.com
%Temp%\TEST.EXE
%Startup%\ .exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Microsoft Agent: %WinDir%\System32\SVCH0ST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WinDir%/System32/SVCH0ST.EXE
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%/System/wincirl.com

Detected by UnHackMe:

SVCH0ST.EXE
Default location: %SYSDIR%\SVCH0ST.EXE

Dropper information:
MD5: d7876030295d0c615efdabe63f97eb20
File size: 47232 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images