We checked up the file DRIVE.EXE and found it hazardous.
The file DRIVE.EXE must be deleted from the system immediately.
Kill the process DRIVE.EXE and remove DRIVE.EXE from the Windows startup.
Malware Analysis of DRIVE.EXE
Full path on a computer: %WinDir%\Web\drive.exe
Detected by UnHackMe:
DRIVE.EXE
Default location: %WinDir%\Web\drive.exe
Removal Results: Success
Number of reboot: 1
DRIVE.EXE is known as:
Trojan.Multi
DRIVE.EXE hash:
- MD5: 7a4615d21acfdfcc258b3ce1bf6b8d93
How to quickly detect DRIVE.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Driver: “%WinDir%\Web\driver.exe”
Folders:- %Temp%\1.tmp
Files:- %Temp%\1.tmp\drive.exe
- %Temp%\1.tmp\driver.exe
- %Temp%\1.tmp\Elevate.exe
- %Temp%\1.tmp\Elevate.pdb
- %Temp%\1.tmp\libcurl.dll
- %Temp%\1.tmp\minerd.exe
- %Temp%\1.tmp\pthreadGC2.dll
- %Temp%\1.tmp\start.bat
- %Temp%\1.tmp\zlib1.dll
- %Common Startmenu%\Programs\Startup\driver.exe
- %WinDir%\Web\drive.exe
- %WinDir%\Web\driver.exe
- %WinDir%\Web\libcurl.dll
- %WinDir%\Web\minerd.exe
- %WinDir%\Web\pthreadGC2.dll
- %WinDir%\Web\zlib1.dll