Solved! Use WMGPHVODYJGVXCMC.EXE (Worm Autorun) Removal Guide

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WMGPHVODYJGVXCMC.EXE – Worm Autorun removal

FileMD5Virus Alias
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Worm Autorun
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Trojan Generic
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Trojan MLW
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Trojan Eldorado
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Trojan Downloader
WMGPHVODYJGVXCMC.EXE 6a2ea8502fe92511e23ee5dd36e58490 Trojan Siggen

WMGPHVODYJGVXCMC.EXE size: 1040384 bytes
WMGPHVODYJGVXCMC.EXE hash: 6A2EA8502FE92511E23EE5DD36E58490

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe
%Temp%\dupzshbrnzxnqwhyt.exe
%Temp%\kecpldatshibhqeywjfx.exe
%Temp%\mealfvqherqhlsewsd.exe
%Temp%\qmmbztsnofidlwmiixvpoj.exe
%Temp%\wmgphvodyjgvxcmc.exe
%Temp%\xeppydn.exe
%Temp%\xheepzwwhro.exe
%Temp%\xqnzulhzxlldiqdwtfa.exe
%Temp%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %Temp%\kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %Temp%\xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %Temp%\xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: kecpldatshibhqeywjfx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %Temp%\xqnzulhzxlldiqdwtfa.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: zuthexvppfhbishcbpmfd.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %Temp%\zuthexvppfhbishcbpmfd.exe .

Detected by UnHackMe:

WMGPHVODYJGVXCMC.EXE
Default location: %SYSDIR%\WMGPHVODYJGVXCMC.EXE

Dropper information:
MD5: 6a2ea8502fe92511e23ee5dd36e58490
File size: 1040384 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images