Channel: How to Remove Malware

MMAILS2.EXE is Worm Dorkbot

The file MMAILS2.EXE is a computer worm.
It is a self-replicating malicious program
that uses a computer network to send copies of itself to other computers.
You must fix the MMAILS2.EXE problem as soon as possible!
Delete the file MMAILS2.EXE from all infected computers in your network.
Configure your network firewall to block MMAILS2.EXE network activity.

Malware Analysis of MMAILS2.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe

Detected by UnHackMe:

MMAILS2.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe

Removal Results: Success
Number of reboots: 1

MMAILS2.EXE is known as:

Worm.Dorkbot, TrojWare.Kryptik.AFZP, TR.Barys.2588.JH.1, W32.SillyFDC-HN, Worm.Dorkbot.A, Trojan.Agent.42496.CB, Worm.Kolab, Trojan.Krypt.13205, W32.Zbot.CGZF.tr

MMAILS2.EXE hash:

  • MD5: 24a483c962091218ca872a52b7f3af91

The file tries to connect to a dangerous web site.

How to quickly detect the presence of MMAILS2.EXE?

Registry:
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\emails5: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe”
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe”
Folders:
  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069
Files:
  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\Desktop.ini
  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe

