WINDEFENDER.EXE – Worm Ainslot removal

File	MD5	Virus Alias
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Worm Ainslot
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Backdoor Blackshades
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Backdoor Maximus
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Trojan Agent
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Trojan Swisyn
WINDEFENDER.EXE	34d6bf8f60f7d49b016174cb38905f1a	Trojan FakeAV

WINDEFENDER.EXE size: 466944 bytes
WINDEFENDER.EXE hash: 34D6BF8F60F7D49B016174CB38905F1A

Created files:

%AppData%\Windows\Sluts
%AppData%\Windows\WinDefender.exe

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{D3FE15AD-77B9-AB4D-BBFF-ACBB9A36CBAD}\StubPath: %WinDir%\System32\config\Systemprofile\Application Data\Windows\WinDefender.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\WinDefender: %WinDir%\System32\config\Systemprofile\Application Data\Windows\WinDefender.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinDefender: %WinDir%\System32\config\Systemprofile\Application Data\Windows\WinDefender.exe
HKCU\Software\Microsoft\Active Setup\Installed Components\{D3FE15AD-77B9-AB4D-BBFF-ACBB9A36CBAD}\StubPath: %WinDir%\System32\config\Systemprofile\Application Data\Windows\WinDefender.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinDefender: %WinDir%\System32\config\Systemprofile\Application Data\Windows\WinDefender.exe

Detected by UnHackMe:

WINDEFENDER.EXE
Default location: %APPDATA%\WINDOWS\WINDEFENDER.EXE

Dropper information:
MD5: 34d6bf8f60f7d49b016174cb38905f1a
File size: 466944 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

WINDEFENDER.EXE – Worm Ainslot removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply