FJPARK8.EXE is Backboor Gurl.2

Detected by UnHackMe:

Item Name: shell
Author: Unknown
Related File: explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\fjpark8.exe
Type: User Shell

Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\FJPARK8.EXE
Type: Winlogon System

Item Name: fjpark9
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\FJPARK8.EXE
Type: Registry Run

Item Name: FJPARK8.EXE
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\FJPARK8.EXE
Type: Multi AV Detected Files

Removal Results: Success
Number of reboot: 1

FJPARK8.EXE is known as:

Backboor.Gurl.2, Trojan.Agent.aaxv (v), Troj.Agent-AAXV, Backdoor.Azbreg.bqi, Trj.Zbot.M, Trojan.Lethic.B, Trojan.Agent.Gen-IRCBot, Trojan.HmBlocker, W32.Trojan.WLUI-7811, BScope.Backdoor.IRCBot.2122, Win32.Injector.AEJX, Trojan.Ircbrute, W32.Injector.AEJX.tr

FJPARK8.EXE hash:

• MD5: 4cca12bea488186194717b7b122329b8

Registry:

• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\fjpark8.exe”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\fjpark9: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\fjpark8.exe”
• HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\fjpark8.exe”

Folders:

• C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509

Files:

• C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\Desktop.ini
• C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-85509\fjpark8.exe