Is the file YDWZRO.EXE located on your computer? Then your computer is infected.
We suggest you remove YDWZRO.EXE from your computer as soon as possible.
YDWZRO.EXE is a Trojan/Backdoor.
Kill the YDWZRO.EXE process and remove YDWZRO.EXE from Windows startup.
Malware Analysis of YDWZRO.EXE
Full path on a computer: %Profile%\ydwzro.exe
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: %PROFILE%\YDWZRO.EXE
Type: Winlogon System
Removal Results: Success
Number of reboots: 1
YDWZRO.EXE is known as:
Trojan.Rimecud.BB, EmailWorm, W32.Pilleuz.gen19, Rimecud.MBM, WORM_PALEVO.SMAG, Win32:Morphex [Cryp], Trojan.Kryptik.mzd (v), Mal.Palevo-A, Trojan.Rimecud.A, Win-Trojan.Kazy.83456.HL, BScope.P2P-Worm.Palevo, Malware.Pilleuz, a variant of Win32.Kryptik.AWZB, Virus.Cryptor, W32.KRYPTK.SMU2.tr, Win32.Cryptor, Trj.Rimecud.a
YDWZRO.EXE hash:
- MD5: fc349c0d58fbc49f1b82ab71d3be64d0
The file tries to connect to a dangerous web site.
How to quickly detect the presence of YDWZRO.EXE?
Registry:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “%Profile%\ydwzro.exe”
Files:
- %Profile%\ydwzro.exe