VSCOVER.EXE is Trojan Agent

June 13, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

We checked up the file VSCOVER.EXE and found it hazardous.
The file VSCOVER.EXE must be deleted from the system immediately.
Kill the process VSCOVER.EXE and remove VSCOVER.EXE from the Windows startup.

Malware Analysis of VSCOVER.EXE
Full path on a computer: %Templates%\VSCover.exe

Detected by UnHackMe:

VSCOVER.EXE
Default location: %Templates%\VSCover.exe

Removal Results: Success
Number of reboot: 1

VSCOVER.EXE is known as:

Trojan.Agent, Trojan.Siggen4

VSCOVER.EXE hash:

  • MD5: 88efb29cf9b0fa5ed904597641e99ab0
How to quickly detect VSCOVER.EXE presence?

Registry:
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Inc: “%AppData%\svchost.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft? Windows? Operating System: “%Templates%\VSCover.exe”
Files:
  • %AppData%\svchost.exe
  • %Temp%\D3D8THK.exe
  • %Templates%\VSCover.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Agent, Trojan, VSCOVER.EXE

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.