Max Secure Software: Encyclopedia

Home / Spyware Encyclopedia / Exploit.IMG-WMF << Back

Recommendation to Automatically remove Exploit.IMG-WMF

Our products can remove Exploit.IMG-WMF and thousands of other Virus and Spyware automatically and instantly.

Exploit.IMG-WMF Details

Category Exploit
Discovered 1/8/2009 11:06:53 AM
Modified 9/3/2024 10:52:32 AM
Threat Level High
Category Description
Exploits use vulnerabilities in operating systems and applications to achieve the same result. Or in other words, this is a type of malware containing a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software. This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack.

The following Files were created:

VALUE	FILESIZE	COMPANYNAME	VERSION	SIGNATURE
u.exe	454656	Simon Tatham	0.60.0.0	48ae1d4dc503ee1a5fe5bab7b77d5fcf
4dffb179.exe	21236	microsoft corporation	5.1.2600.2180	fe09b8df35c65711984b8f99cfcf952b
dbfcb564.exe	21236	microsoft corporation	5.1.2600.2180	7ffab551ff047c8136214eae4a8cb7dc
xx.exe	382408	0.004	1.0.0.0	25b06e9ba4e70be9f1838b3bf68054a8
6F57504B.EXE	18656		1, 0, 0, 1	a854ec36214cd9d425e31aba15a398c2
927E4CB0.DLL	51712			fd4aa2d0c3dba46a1c400fd8e238c42e
4FA904E2.EXE	9728			fca179b97b8b93882d7cb95aea18543f
xx.exe	79360			fc5891245b46079e3bebf0f54f73b31a
8a7bf533.exe	9728			fb4707e25675aa8716df0be59c140f52
5814CBC8.EXE	9728			f7de44cd7c20595d292635816754c2c8

The following Registry Entries were created:

..\Software\Microsoft\Windows NT\CurrentVersion\image file execution options\processsafe.exe\(Default)

..\Software\Microsoft\Windows NT\CurrentVersion\image file execution options\arswp.exe\(Default)

..\Software\Microsoft\Windows NT\CurrentVersion\image file execution options\ravstub.exe\(Default)

..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe\(Default)

..\Software\Microsoft\\"WinId"\"{A2C3051D-ED7F-428C-A391-A28BDECC668D}"

..\Software\Microsoft\Windows\CurrentVersion\Run\\"Windows Workstation Disc"\"%WIN.SYS32%\xx.exe"

..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe\(Default)

..\Software\Microsoft\\"WinId"\"{D07D0198-48B3-42AB-AA6F-75EE0EA0CE1F}"

..\Software\Microsoft\\"WinId"\"{FF90D3C3-8411-4E74-A855-D12C15D7FED7}"

..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe\(Default)

Notice
Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically by tools in our malware Research Lab as a result of executing Spyware Files or browsing Internet in virtual environment. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Antivirus. We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.

Home / Malware Encyclopedia << Back

Recommendation to Automatically remove Exploit.IMG-WMF

Exploit.IMG-WMF Details

Useful Links