The file SDQW1WA.EXE is a computer worm.
The worm SDQW1WA.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other
computers.
You must fix the SDQW1WA.EXE problem as soon as possible!
Delete the file SDQW1WA.EXE from all infected computers in your network.
Set up your network firewall against SDQW1WA.EXE intervention.
Malware Analysis of SDQW1WA.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe
Detected by UnHackMe:
SDQW1WA.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe
Removal Results: Success
Number of reboot: 1
SDQW1WA.EXE is known as:
Worm.Hamweq, Trojan.Autoruner2.deakqv, Worm.Hamweq (A), HLLW.Autoruner2.1926, TR.Lethic.B.170, Worm.Hamweq.p.(kcloud), Trojan.Lethic.B, Worm.Ngrbot, Worm.Hamweq.aIC, a variant of Win32.Injector.BKFA, Trojan.Injector, Inject2.ASAB, Trj.Chgt.D
SDQW1WA.EXE hash:
- MD5: 232c87072575486b1fd5714f317709b8
How to quickly detect SDQW1WA.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sfwwqqww12: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe”
Folders:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475
Files:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\Desktop.ini
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-419318475\sdqw1wa.exe