The program MSGWG32.EXE is used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with MSGWG32.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of MSGWG32.EXE
Full path on a computer: %SysDir%\msgwg32.exe
Detected by UnHackMe:
MSGWG32.EXE
Default location: %SysDir%\msgwg32.exe
Removal Results: Success
Number of reboots: 1
MSGWG32.EXE is known as:
Backdoor.Udr, Backdoor.Udr.EwW5NHJTxmo, W32.BackdoorX.GMX, Backdoor.Trojan, Udr.A, Win32.BackMan.A, Trojan.Udr, Backdoor.Udr.a, Trojan.Udr.csnpza, Backdoor.Udr.692018, Trojan.Agent.Gen-MSFake[Gen], PE:Backdoor.Udr.1173780587, Mal.Bckdr-G, Backdoor.Agent.~APN, BackDoor.Udr.1, Trojan.Udr.1, BDS.Udr.A, Backdoor.Udr.d, Trojan[Backdoor].Udr, Hack.Udr.B5.(kcloud), Backdoor.Small, W32.Backdoor.COLY-8496, OScope.Backdoor.Udr, Dialer.CKP, Win32.Agent.UDR, Backdoor.Udr.aa, W32.Udr.AT.tr, Backdoor.Agent.DF
MSGWG32.EXE hash:
- MD5: 6b2920cf90e10156162716284c54e327
Registry entries:
- HKLM\Software\Microsoft\Active Setup\Installed Components\{AC332FF6-8B9A-11D5-EBA1-F78EEEEEE983}\StubPath: "msgwg32.exe"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VCL: "vcl32.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VCL: "vcl32.exe"
- HKLM\Software\Classes\exefile\shell\open\command\: "%SysDir%\concp32.exe "%1" %*"
Files:
- %SysDir%\concp32.exe
- %SysDir%\explorer.exe
- %SysDir%\msgwg32.exe
- %SysDir%\vcl32.exe
- %WinDir%\spoolsv.exe