WINHE804.EXE is Trojan Yoddos

Is the file WINHE804.EXE located on your computer? Then your computer is infected.
We do suggest you should remove WINHE804.EXE from your computer as soon as possible.
WINHE804.EXE is Trojan/Backdoor.
Kill the process WINHE804.EXE and remove WINHE804.EXE from the Windows startup.

Malware Analysis of WINHE804.EXE
Full path on a computer: %SysDir%\WinHe804.exe

Detected by UnHackMe:

WINHE804.EXE
Default location: %SysDir%\WinHe804.exe

Removal Results: Success
Number of reboot: 1

WINHE804.EXE is known as:

Trojan.Yoddos

WINHE804.EXE hash:

  • MD5: cd7bc2189edaa6a08893b40eea0a8f0e
The file tries to connect to the dangerous web site.
How to quickly detect WINHE804.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WIN804\0000\Service: “Win804″
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WIN804\0000\DeviceDesc: “Windows804″
  • HKLM\System\CurrentControlSet\Services\Win804\ImagePath: “%SysDir%\WinHe804.exe”
  • HKLM\System\CurrentControlSet\Services\Win804\DisplayName: “Windows804″
  • HKLM\System\CurrentControlSet\Services\Win804\Description: “Windows Help System for804″
Files:
  • %SysDir%\WinHe804.exe

Fix it immediately!

Free Download

UnHackMe removes malware invisible for your antivirus!

Leave a Reply