WINKKG.EXE is Worm Klez

Detected by RegRun Warrior:

Item Name: AppInit_DLLs
Author: Unknown
Related File: Wqk.dll
Type: List of Injected DLLs

Item Name: Winkkg
Author:
Related File: %SYSDIR%\WINKKG.EXE
Type: Drivers

Removal Results: Success
Number of reboot: 1

WINKKG.EXE is known as:

Worm.Klez, EmailWorm, W32.Klez.F@MM, Trojan.Klez.fwai, W32.Klez.G@mm, NetworkWorm, Win32.Klez.F, Win32:Klez-E [Wrm], Worm.Klez.E-1, Email-Worm.Klez.g, I-Worm.Klez.G, Trojan.Agent.Gen-Klez, Worm.Klez.H, HLLM.Klez.2, Worm.Klez.E, W32.Klez-G, Win32.Virut.bn, Worm.Klez.G@mm, Win32.Klez.worm.G, MalwareScope.Worm.Klez.1, Email-Worm.Klez, Win32.Klez.H, Worm.Klez.j, Email-Worm.Klez.G, W32.Klez.fam@mm

WINKKG.EXE hash:

• MD5: c14651d28e981771f7c20dba139ed2d7

Registry:

• HKLM\System\CurrentControlSet\Services\Winkkg\Type: 0×00000110
• HKLM\System\CurrentControlSet\Services\Winkkg\Start: 0×00000002
• HKLM\System\CurrentControlSet\Services\Winkkg\ErrorControl: 0×00000000
• HKLM\System\CurrentControlSet\Services\Winkkg\ImagePath: “%SysDir%\Winkkg.exe”
• HKLM\System\CurrentControlSet\Services\Winkkg\DisplayName: “Winkkg”
• HKLM\System\CurrentControlSet\Services\Winkkg\ObjectName: “LocalSystem”

Folders:

• C:\Documents and Settings\NetworkService\Local Settings\Application Data\VMware

Files:

• C:\Documents and Settings\NetworkService\Local Settings\Application Data\VMware\hgfs.dat
• %Program Files%\Google\Chrome\Application\chrome.umu
• %Program Files%\Mozilla Firefox\firefox.kpd
• %Program Files%\VMware\VMware Tools\VMwareTray.ogt
• %Program Files%\WinRAR\WinRAR.yjx
• %SysDir%\dllcache\dwil1033.dll
• %SysDir%\Winkkg.exe
• %SysDir%\Wqk.dll
• %WinDir%\Temp\Abm2.exe
• %WinDir%\Temp\Jns1.exe
• %WinDir%\Temp\Zms2.exe