The program WINUPDATA.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with WINUPDATA.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of WINUPDATA.EXE
Full path on a computer: %SysDir%\MSDCSC\WinUpdata.exe
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: %SysDir%\userinit.exe,%SysDir%\MSDCSC\WinUpdata.exe
Type: UserInit Value
Item Name: WinUpdate
Author: Microsoft Corp.
Related File: %SYSDIR%\MSDCSC\WINUPDATA.EXE
Type: Registry Run
Item Name: WINUPDATA.EXE
Author: Microsoft Corp.
Related File: %SYSDIR%\MSDCSC\WINUPDATA.EXE
Type: Multi AV Detected Files
Removal Results: Success
Number of reboot: 1
WINUPDATA.EXE is known as:
Backdoor.Fynloski.A9, Backdoor.Agent.DCRSAGen, Backdoor, Trojan.Comet.ssmau, Backdoor.Graybird, DarkComet.F, WIN.Trojan.DarkKomet, Backdoor.DarkKomet.xyk, Backdoor.Fynloski, Backdoor.Agent.XAB, BackDoor.Comet.152, Backdoor.Fynloski.A (v), BDS.DarkKomet.GR, Troj.Backdr-ID, Hack.HuigeziT.cz, Backdoor.Fynloski.A, Backdoor.Agent.674304.A, Backdoor.DarkKomet, Backdoor.Graybird.rem, Win32.Fynloski.AA, Backdoor.Pontoeb.4DF0, Trojan.CDur, W32.Fynloski.XA.tr, BackDoor.Delf.DMT
WINUPDATA.EXE hash:
- MD5: 19073d7b3228f189ec8c0d1cb232260c
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate: “%SysDir%\MSDCSC\WinUpdata.exe”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%SysDir%\userinit.exe,%SysDir%\MSDCSC\WinUpdata.exe”
Folders:- %Appdata%\dclogs
- %SysDir%\MSDCSC
Files:- %SysDir%\MSDCSC\WinUpdata.exe