We checked up the file WINDOWSUPDATERVGV1R31.CPL and found it hazardous.
The file WINDOWSUPDATERVGV1R31.CPL must be deleted from the system immediately.
Kill the process WINDOWSUPDATERVGV1R31.CPL and remove WINDOWSUPDATERVGV1R31.CPL from the Windows startup.
Malware Analysis of WINDOWSUPDATERVGV1R31.CPL
Full path on a computer: %Startup%\WindowsUpdateRVGv1r31.cpl
Detected by UnHackMe:
WINDOWSUPDATERVGV1R31.CPL
Default location: %Startup%\WindowsUpdateRVGv1r31.cpl
Removal Results: Success
Number of reboot: 1
WINDOWSUPDATERVGV1R31.CPL is known as:
Trojan.Cossta, a variant of Win32.TrojanDownloader.Banload.SIM, Downloader.Banload2.EBK, Trojan.Banload.SIM
WINDOWSUPDATERVGV1R31.CPL hash:
- MD5: 3eda486adddb9f15711949604459618c
The file tries to connect to the dangerous web site.
How to quickly detect WINDOWSUPDATERVGV1R31.CPL presence?
Files:
- %Appdata%\controle.txt
- %Appdata%\Install.cpl
- %Appdata%\Passo1N.bat
- %Startup%\WindowsUpdateRVGv1r31.cpl