The file K64UA.EXE is a computer worm.
The worm K64UA.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other
computers.
You must fix the K64UA.EXE problem as soon as possible!
Delete the file K64UA.EXE from all infected computers in your network.
Set up your network firewall against K64UA.EXE intervention.
Malware Analysis of K64UA.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe
Detected by UnHackMe:
K64UA.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe
Removal Results: Success
Number of reboot: 1
K64UA.EXE is known as:
Worm.Ngrbot
K64UA.EXE hash:
- MD5: 8e0552b997ee1f4d64ade5996a788c5b
How to quickly detect K64UA.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kk6u3a: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe”
Folders:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154
Files:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\Desktop.ini
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-34587154\k64ua.exe