WMPRWISE.EXE – trojan Nedsym

I use UnHackMe for cleaning adware and viruses from my friend's computers, because it is extremely fast and effective.

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


We checked up the file WMPRWISE.EXE and found it hazardous.
The file WMPRWISE.EXE must be deleted from the system immediately.
Kill the process WMPRWISE.EXE and remove WMPRWISE.EXE from the Windows startup.

Malware Analysis of WMPRWISE.EXE
Executed: C:\sand-box\23.exe
Removed: WMPRWISE.EXE. Full path: C:\Documents and Settings\Administrator\Application Data\WMPRWISE.EXE

—————————————————————————————————————————-
Detected by UnHackMe:


Your Vote?
0 0

Item Name: Microsoft Firewall 2.9
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WMPRWISE.EXE
Type: Registry Run

Item Name: WMPRWISE.EXE
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WMPRWISE.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKCU\Software\Microsoft\Widows\CurrentVersion\Run\Microsoft Firewall 2.9
Value: “C:\Documents and Settings\Administrator\Application Data\WMPRWISE.EXE”

Files:
C:\Documents and Settings\Administrator\Application Data\ntuser.dat
C:\Documents and Settings\Administrator\Application Data\WMPRWISE.EXE
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2011.03.01 Gen:Variant.Kazy.8275
Kaspersky 7.0.0.125 2011.03.01 Trojan.Win32.Pakes.oqu
Microsoft 1.6603 2011.03.01 Trojan:Win32/Nedsym.G
NOD32 5915 2011.02.28 a variant of Win32/Extats.A

—————————————————————————————————————————-

MD5 e481c289782427f8122f393b9411a494

SHA1 3dd55afd31c31978650a23133b3612d62422ec3a

SHA256 c5b0a7ca9e8db7fd4091e06f232f4e6d853df87ed492d50e2deaa0a0ceb07ef5

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Values added:2
———————————-
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\SavedLegacySettingsML: 36 33 37 34 32 37 30 31 32
HKCU\Software\Microsoft\Widows\CurrentVersion\Run\Microsoft Firewall 2.9: “C:\Documents and Settings\Administrator\Application Data\WMPRWISE.EXE”

———————————-
Files added:2
———————————-
C:\Documents and Settings\Administrator\Application Data\ntuser.dat
C:\Documents and Settings\Administrator\Application Data\WMPRWISE.EXE

———————————-
Files deleted:1
———————————-
C:\sand-box\23.exe

———————————-
Files [attributes?] modified:1
———————————-
C:\Documents and Settings\Administrator\Application Data\desktop.ini

———————————-
Total changes:6
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning adware and viruses from my friend's computers, because it is extremely fast and effective.

Download it here




1. Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!