WINHE804.EXE is Trojan Yoddos

February 25, 2012 by NightWatcher
Filed under: Malware 
: Solved!

You should Download Removal Tool here...

Is the file WINHE804.EXE located on your computer? Then your computer is infected.
We do suggest you should remove WINHE804.EXE from your computer as soon as possible.
WINHE804.EXE is Trojan/Backdoor.
Kill the process WINHE804.EXE and remove WINHE804.EXE from the Windows startup.

Malware Analysis of WINHE804.EXE
Full path on a computer: %SysDir%\WinHe804.exe

Detected by UnHackMe:

WINHE804.EXE
Default location: %SysDir%\WinHe804.exe

Removal Results: Success
Number of reboot: 1

WINHE804.EXE is known as:

Trojan.Yoddos

WINHE804.EXE hash:

  • MD5: cd7bc2189edaa6a08893b40eea0a8f0e
The file tries to connect to the dangerous web site.
How to quickly detect WINHE804.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WIN804\0000\Service: “Win804″
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WIN804\0000\DeviceDesc: “Windows804″
  • HKLM\System\CurrentControlSet\Services\Win804\ImagePath: “%SysDir%\WinHe804.exe”
  • HKLM\System\CurrentControlSet\Services\Win804\DisplayName: “Windows804″
  • HKLM\System\CurrentControlSet\Services\Win804\Description: “Windows Help System for804″
Files:
  • %SysDir%\WinHe804.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.