We checked some samples of MMQCMG.EXE and detected the file MMQCMG.EXE as a threat.
Remove the MMQCMG.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of MMQCMG.EXE
Full path on a computer: %SysDir%\mmqcmg.exe
Detected by UnHackMe:
MMQCMG.EXE
Default location: %SysDir%\mmqcmg.exe
Removal Results: Success
Number of reboots: 1
MMQCMG.EXE is known as:
Trojan.ServStart, Trojan.ServStart.bt, Trojan.Agent.cfjmyd, Nitol.A, Win.Trojan.Scarh, Trojan.Agent.zytc, Trojan.Agent.30720.CU, TrojWare.TrojanDownloader.Small.CO, DDoS.Rincux.362, Trojan.Scar.ab (v), Trj.Downloader.MDW, Trojan.MicroFake, Troj.Undef.(kcloud), DDoS.Nitol.A, Trojan.Agent.Gen-MSFake, Trojan.Mircofake, a variant of Win32.ServStart.BT, Trojan.Nitol.4937, W32.MicroFake.NQ.tr
MMQCMG.EXE hash:
- MD5: 8e7f7a4a794c6fbede17fb658bd1a0f6
How to quickly detect MMQCMG.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\6688\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\6688\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\6688\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\6688\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\6688\ImagePath: "%SysDir%\mmqcmg.exe"
- HKLM\System\CurrentControlSet\Services\6688\DisplayName: "9988"
- HKLM\System\CurrentControlSet\Services\6688\ObjectName: "LocalSystem"
- HKLM\System\CurrentControlSet\Services\6688\Description: "7788"
Files:
- %Temp%\SOFTWARE.LOG
- %SysDir%\mmqcmg.exe