Solved! Use WINWORD.DOC.EXE (Worm Autoit) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WINWORD.DOC.EXE – Worm Autoit removal

File MD5 Virus Alias
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Worm Autoit
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Trojan Generic
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Worm Sohanat
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Worm Autorun
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Trojan Agent
WINWORD.DOC.EXE 4526ce1fd746ac31c73572c6a4915d13 Trojan AVKill

WINWORD.DOC.EXE size: 261627 bytes
WINWORD.DOC.EXE hash: 4526CE1FD746AC31C73572C6A4915D13

Created files:

C:\Documents and Settings\Default User\Templates\winword.doc.exe
%SysDir%\bgbqqlbkvkjfnms.exe
%SysDir%\iijelqvqmo.exe
%SysDir%\kbjvehlp.exe
%SysDir%\msvbvm50.483
%SysDir%\msvbvm60.587
%SysDir%\pckhar.exe
%SysDir%\zrqjkigxysjly.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nywlcmdk: iijelqvqmo.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\fokdiazn: bgbqqlbkvkjfnms.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run : zrqjkigxysjly.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname: VirusBenci
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname: VirusBenci

Detected by UnHackMe:

WINWORD.DOC.EXE
Default location: C:\DOCUMENTS AND SETTINGS\DEFAULT USER\TEMPLATES\WINWORD.DOC.EXE

Dropper information:
MD5: 3edfacf1296ce92567454faae213417f
File size: 261612 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images