WINUPGRAD.EXE is Trojan Downloader.Banload

July 27, 2012 by NightWatcher
Filed under: Malware: Solved!

Fix it immediately:

We checked the file WINUPGRAD.EXE and found it hazardous.
The file WINUPGRAD.EXE must be deleted from the system immediately.
Kill the process WINUPGRAD.EXE and remove WINUPGRAD.EXE from the Windows startup.

Malware Analysis of WINUPGRAD.EXE
Full path on a computer: %SysDir%\winupgrad.exe

Detected by UnHackMe:

Item Name: ASP.NET State Service
Author: Unknown
Related File: %SYSDIR%\WINUPGRAD.EXE
Type: Registry Run

Removal Results: Success
Number of reboots: 1

WINUPGRAD.EXE is known as:

Trojan.Downloader.Banload

WINUPGRAD.EXE hash:

  • MD5: 00e9f582ffb9f8f5f458512d61ab903a

The file tries to download information from some web sites.

How to quickly detect the presence of WINUPGRAD.EXE?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ASP.NET State Service: “%SysDir%\winupgrad.exe”
Files:
  • %SysDir%\winupgrad.exe
  • %SysDir%\winupgrade.exe
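
The registry and file checks listed above can be scripted. The following PowerShell is an added example, not part of the original post or of UnHackMe; it assumes %SysDir% means the Windows system directory and also looks in SysWOW64 and the WOW6432Node registry view, which the page does not mention.

```powershell
# Added example: looks for the indicators listed on this page.
# Assumption: %SysDir% is the Windows system directory. SysWOW64 and the
# WOW6432Node registry view are also checked, because 32-bit programs on
# 64-bit Windows are redirected there. Run from a 64-bit PowerShell session.
$KnownMd5  = '00e9f582ffb9f8f5f458512d61ab903a'   # MD5 given on this page
$ValueName = 'ASP.NET State Service'              # Run value name given on this page
$FileNames = 'winupgrad.exe', 'winupgrade.exe'    # file names given on this page
$findings  = @()

# 1. Registry Run value, native and 32-bit views.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $data = [string]$item.$ValueName
        $findings += [pscustomobject]@{
            Type   = 'RunValue'
            Where  = "$key\$ValueName"
            Detail = $data
            # True when the autorun data names one of the listed files.
            Match  = [bool]($FileNames | Where-Object { $data -like "*$_*" })
        }
    }
}

# 2. Files in the system directories, with an MD5 comparison.
foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
    foreach ($name in $FileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
            $findings += [pscustomobject]@{
                Type   = 'File'
                Where  = $path
                Detail = "MD5 $md5"
                # A different hash is not a clean result: the page lists one sample only.
                Match  = ($md5 -eq $KnownMd5)
            }
        }
    }
}

if ($findings.Count -eq 0) { 'None of the listed indicators were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A Run value with this name whose data points somewhere other than the listed files is still reported, with Match set to False, so it can be reviewed by hand.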


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
