ATMPVCNO.EXE is Trojan Karagany.asx

Detected by UnHackMe:

ATMPVCNO.EXE
Default location: %SysDir%\atmpvcno.exe

Removal Results: Success
Number of reboot: 1

ATMPVCNO.EXE is known as:

Trojan.Karagany.asx, Packed.Execryptor, Trojan.Agent.Gen-ProxyBot, TrojWare.Downloader.Agent.USSS, Trojan.DownLoader6.59935, Backdoor.Hupigon.vnd (fs), BDS.ProxyBot.D.546, TrojanDownloader.Karagany.gb, TrojDownloader.Karagany.(kcloud), Backdoor.ProxyBot.D, Trojan.S.Agent.297472.C, a variant of Win32.ProxBot.B, Net-Worm.SillyFDC.rem, Trojan-Downloader.Karagany, W32.Karagany.ASX.tr.dldr, Win32.CryptExe.A

ATMPVCNO.EXE hash:

• MD5: c4aac50ca79213fb1060bf241f1d0a0b

Registry:

• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\smwcore: “%SysDir%\atmpvcno.exe”

Files:

• %SysDir%\atmpvcno.exe
• %SysDir%\atmpvcno.nls