The file twunk.exe is identified as the Trojan Program that is used for stealing bank information and users passwords.
Malware Analysis of twunk.exe
Executed: Extrato_Pedencias_Serasa.exe
Removed: twunk.exe. Full path: C:\Program Files\Common Files\twunk.exe

Item Name: twunk
Author: Unknown
Type: Registry Run

Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\twunk
Value: “C:\Program Files\Common Files\twunk.exe”

C:\Program Files\Common Files\1
C:\Program Files\Common Files\twunk.exe

Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2011.02.23 Trojan.Generic.KD.139367
Kaspersky 2011.02.23 Trojan.Win32.Scar.doge
Microsoft 1.6502 2011.02.23 -
NOD32 5899 2011.02.23 Win32/Qhost.OGI


MD5 11979d5e54ef0f2d411710f3a5377ea5

SHA1 cdcdd780075cb80102f5c649b014518d09071eb4

SHA256 f4bdcaa14bf3d0430bdadaf08f2adb1e9e4ff35e1e8acd6c9ba6c3c3f707ef7f


When the program is executed, it creates the following registry subkeys and values:

Keys added:1

Values added:1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\twunk: “C:\Program Files\Common Files\twunk.exe”

Files added:2
C:\Program Files\Common Files\1
C:\Program Files\Common Files\twunk.exe

Total changes:4

    THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so helpful!!