AA_V3.EXE is Trojan RemoteAccess.AmmyyAdmin

November 22, 2012 by NightWatcher
Filed under: Malware 
: Solved!

You should Download Removal Tool here...

The file AA_V3.EXE is identified as a virus dropper.
The dropper AA_V3.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file AA_V3.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the AA_V3.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the AA_V3.EXE process and delete the file AA_V3.EXE.

Malware Analysis of AA_V3.EXE
Full path on a computer: %Temp%\AA_v3.exe

Detected by UnHackMe:

AA_V3.EXE
Default location: %Temp%\AA_v3.exe

Removal Results: Success
Number of reboot: 1

AA_V3.EXE is known as:

Trojan.RemoteAccess.AmmyyAdmin

AA_V3.EXE hash:

  • MD5: 3cd46aa0e216dc8a67a5a99499c1f7bb
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect AA_V3.EXE presence?

Folders:
  • %Common Appdata%\AMMYY
Files:
  • %Common Appdata%\AMMYY\hr
  • %Common Appdata%\AMMYY\hr3
  • %Common Appdata%\AMMYY\settings3.bin
  • %Temp%\AA_v3.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.