We checked the file MEMO.EXE and found it hazardous.
The file MEMO.EXE must be deleted from the system immediately.
Kill the process MEMO.EXE and remove MEMO.EXE from the Windows startup.
Malware Analysis of MEMO.EXE
Full path on a computer: %SysDir%\memo.exe
Detected by UnHackMe:

Item Name: userinit.exe
Author: Unknown
Related File: %SYSDIR%\MEMO.EXE
Type: Image Executions Debugger

Item Name: MEMO.EXE
Author: Unknown
Related File: %SYSDIR%\MEMO.EXE
Type: Multi AV Detected Files

Removal Results: Success
Number of reboots: 1
MEMO.EXE is known as:
Trojan.Bebloh, Trojan.Zeroaccess.g46, Trojan-Ransom.Blocker.bomu, Trojan.Blocker.HZLjhfsh0IM, Trojan.Agent.Gen-Bublik, Trojan.DownLoader9.44492, TR.Bublik.B.43, Mal.EncPk-AIT, Trojan.Bublik.B, Trojan.Bublik, Trojan.Zeroaccess, Win32.Spy.Bebloh.J, W32.Blocker.BOMU.tr
MEMO.EXE hash:
- MD5: 0d70023d5cffeea2c8d2b37b147a96a8
How to quickly detect MEMO.EXE presence?
Registry:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\Debugger: “%SysDir%\memo.exe”
Files:
- %SysDir%\memo.exe
- %WinDir%\Temp\winwg.exe