The file ATNXWA4.EXE is a computer worm.
The worm ATNXWA4.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the ATNXWA4.EXE problem as soon as possible!
Delete the file ATNXWA4.EXE from all infected computers in your network.
Set up your network firewall against ATNXWA4.EXE intervention.
Malware Analysis of ATNXWA4.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe
Detected by UnHackMe:
ATNXWA4.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe
Removal Results: Success
Number of reboot: 1
ATNXWA4.EXE is known as:
Worm.Net-Kolab, Trojan.Agent.Gen-Dropper, TrojWare.Injector.BGJ, BackDoor.Gurl.2, Trojan.Agent.aaxv (v), TR.Lethic.B.100, Troj.Agent-AAXV, Backdoor.Azbreg.bqi, Worm[Net].Kolab, Troj.Undef.(kcloud), Trojan.Lethic.B, W32.Trojan.WLUI-7811, Trojan.HmBlocker, BScope.Backdoor.IRCBot.2122, Win32.Lethic.AA, Trojan.Ircbrute, W32.Injector.AEJX.tr, Trj.Zbot.M
ATNXWA4.EXE hash:
- MD5: daf89a52db48a6c178556fa54d82335a
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\antaw4r4: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe”
Folders:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814
Files:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\Desktop.ini