Solved! Use WINWORD.DOC.EXE (Worm Autoit) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WINWORD.DOC.EXE – Worm Autoit removal

FileMD5Virus Alias
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Worm Autoit
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Backdoor Bredolab
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Trojan Generic
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Trojan Runner
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Trojan Downloader
WINWORD.DOC.EXE cbdbb41a099de97e133863b1d5751d3d Worm Sohanat

WINWORD.DOC.EXE size: 261731 bytes
WINWORD.DOC.EXE hash: CBDBB41A099DE97E133863B1D5751D3D

Created files:

C:\Documents and Settings\Default User\Templates\winword.doc.exe
C:\Documents and Settings\Default User\Templates\winword.nal
C:\Documents and Settings\Default User\Templates\winword2.doc.exe
C:\Documents and Settings\Default User\Templates\winword2.nal
%SysDir%\driizbmv.exe
%SysDir%\msvbvm50.900
%SysDir%\msvbvm60.491
%SysDir%\ooywllhtot.exe
%SysDir%\pckhar.exe
%SysDir%\xqfmljohaznwr.exe
%SysDir%\xuldvjgzzlifkbd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\luxewpxk: ooywllhtot.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\fjzpqtkf: xuldvjgzzlifkbd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : xqfmljohaznwr.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname: VirusBenci
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname: VirusBenci

Detected by UnHackMe:

WINWORD.DOC.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\TEMPLATES\WINWORD.DOC.EXE

Dropper information:
MD5: 18bee1f435828d5aa5d8f6f7ce81d84e
File size: 261699 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images