UOOBQWE.EXE is Trojan PWS.Gamania.41448

Detected by UnHackMe:

UOOBQWE.EXE
Default location: %Program Files%\Windows Pxkcqk\Uoobqwe.exe

Removal Results: Success
Number of reboot: 1

UOOBQWE.EXE is known as:

Trojan.PWS.Gamania.41448, probably a variant of Win32.Fusing.BB, Trojan.KillAV

UOOBQWE.EXE hash:

• MD5: 07a6b568d8bdb758567ef8081da34466

Registry:

• HKLM\System\CurrentControlSet\Services\Wsayoz ooclxiam\ReleiceName: “Ybjhku ziwfku”
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\ConnectGroup: “76″
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\MarkTime: “2013-09-06 02:36″
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\Type: 0×00000110
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\Start: 0×00000002
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\ErrorControl: 0×00000000
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\ImagePath: “%Program Files%\Windows Pxkcqk\Uoobqwe.exe”
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\DisplayName: “Mtizwq mujuasee”
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\ObjectName: “LocalSystem”
• HKLM\System\CurrentControlSet\Services\Ybjhku ziwfku\Description: “Puqefm evwcmkai rcaqmuvyink”

Folders:

• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM
• %Program Files%\Windows Pxkcqk

Files:

• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU\1220426[1].htm
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU\1220426[2].htm
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3PCMMHXU\desktop.ini
• C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM\desktop.ini
• %Program Files%\Windows Pxkcqk\Uoobqwe.exe