RAVCPL64.EXE is Trojan BtcMine.30

June 7, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

We checked the file RAVCPL64.EXE and found it hazardous.
The file RAVCPL64.EXE must be deleted from the system immediately.
Kill the process RAVCPL64.EXE and remove RAVCPL64.EXE from Windows startup.

Malware Analysis of RAVCPL64.EXE
Full path on a computer: %AppData%\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe

Detected by UnHackMe:

RAVCPL64.EXE
Default location: %AppData%\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe

Removal Results: Success
Number of reboots: 1

RAVCPL64.EXE is known as:

Trojan.BtcMine.30, Trojan.BitCoin

RAVCPL64.EXE hash:

  • MD5: 9aec3aed35ce9eee56ec9b06328e87e0

How to quickly detect RAVCPL64.EXE presence?

Registry:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\RAVCpl64.exe: “%AppData%\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe”
Files:
  • %AppData%\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe


Written by Malware Hunter.