The file WINDOWS ANYTIME UPGRADE.EXE is malware-related.
You must delete the file WINDOWS ANYTIME UPGRADE.EXE immediately!
Kill the process WINDOWS ANYTIME UPGRADE.EXE and remove WINDOWS ANYTIME UPGRADE.EXE from the Windows startup.
Malware Analysis of WINDOWS ANYTIME UPGRADE.EXE
Full path on a computer: %Startup%\Windows Anytime Upgrade.exe
Detected by UnHackMe:
WINDOWS ANYTIME UPGRADE.EXE
Default location: %Startup%\Windows Anytime Upgrade.exe
Removal Results: Success
Number of reboots: 1
WINDOWS ANYTIME UPGRADE.EXE is known as:
Trojan.Ransom.FE, Trojan.AutoRun.VB.xw, Trojan.Foreign.bffmnj, FakeCert.A, Win32.VBInject.EAM, WORM_OTORUN.JP, Trojan-Ransom.Foreign.xqx, Worm.AutoRun.bPgghCfneeM, Trojan.Agent.Gen-Undef, VirTool.VBInject.xqx (v), TR.Injector.ajf, Troj.Undef.(kcloud), VirTool.VBInject, Win32.AutoRun.VB.XW, Hoax.Foreign.xqx, Virus.VBInject, W32.Injector.ZYM.tr
WINDOWS ANYTIME UPGRADE.EXE hash:
- MD5: 01ba5333a490308cb4af4ec22b4913d5
The file tries to download information from some web sites.
How to quickly detect the presence of WINDOWS ANYTIME UPGRADE.EXE?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\97B88A2B383D6887CD65D2B07EAA88C6ECA6DCF5DE0F8659: “%Profile%\27F6471627473796E696D64614\winlogon.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AB1CF5C8DADC183BDCF738D50DE8381989E1D825E4D0A781: “%Profile%\27F6471627473796E696D64614\winlogon.exe”
- HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0x00000004
Folders:
- %Profile%\27F6471627473796E696D64614
Files:
- %Startup%\Windows Anytime Upgrade.exe
- %Programs%\Internet Explorer.exe
- %Startmenu%\Fax y Escaner de Windows.exe
- %Profile%\27F6471627473796E696D64614\winlogon.exe
- %Common Startmenu%\Programs\Startup\Windows Update.exe
- %Common Startmenu%\Programs\Windows Media Center.exe
- %Common Startmenu%\Windows DVD Maker.exe