We checked the file 134901.EXE and found it hazardous.
The file 134901.EXE must be deleted from the system immediately.
Kill the process 134901.EXE and remove 134901.EXE from the Windows startup.
Malware Analysis of 134901.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe
Type: User Shell
Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.EXE
Type: Winlogon System
Item Name: 1233901
Author:
Current Setting: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
134901.EXE is known as:
Trojan.Gurl, Worm.Net-Kolab.68231, Trojan.Agent.Gen-Undef, TrojWare.Injector.BGJ, BackDoor.Gurl.2, Trojan.Agent.aaxv (v), Troj.Agent-AAXV, Backdoor.Azbreg.bqi, Worm[Net].Kolab, Troj.Undef.(kcloud), Trojan.Lethic.B, Trojan.HmBlocker, W32.Trojan.WLUI-7811, BScope.Backdoor.IRCBot.2122, Trj.Zbot.M, Win32.Injector.AEJX, Trojan.Ircbrute, W32.Injector.AEJX.tr
134901.EXE hash:
- MD5: 9d9211f1b3e2bde188a135af4513ee85
Registry entries:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1233901: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe”
Files and folders:
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\134901.exe
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1233896\Desktop.ini