WSMANHTTPCONFIG.EXE is Trojan Dropper.Dapato

July 11, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

Is the file WSMANHTTPCONFIG.EXE located on your computer? Then your computer is infected.
We do suggest you should remove WSMANHTTPCONFIG.EXE from your computer as soon as possible.
WSMANHTTPCONFIG.EXE is Trojan/Backdoor.
Kill the process WSMANHTTPCONFIG.EXE and remove WSMANHTTPCONFIG.EXE from the Windows startup.

Malware Analysis of WSMANHTTPCONFIG.EXE
Full path on a computer: %Local Appdata%\Microsoft\Windows\912\WSManHTTPConfig.exe

Detected by UnHackMe:

Item Name: WSManHTTPConfig
Author: Unknown
Related File: %LOCAL APPDATA%\MICROSOFT\WINDOWS\912\WSMANHTTPCONFIG.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1

WSMANHTTPCONFIG.EXE is known as:

Trojan.Dropper.Dapato

WSMANHTTPCONFIG.EXE hash:

  • MD5: fee796a7dff4f900d81a95d35cbee83b
The file tries to download information from some web sites.
How to quickly detect WSMANHTTPCONFIG.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WSManHTTPConfig: “%Local Appdata%\Microsoft\Windows\912\WSManHTTPConfig.exe”
Folders:
  • %Appdata%\hellomoto
  • %Local Appdata%\Microsoft\Windows\912
  • %Local Appdata%\Microsoft\VSComponents
Files:
  • %Local Appdata%\Microsoft\Windows\912\f118abd8
  • %Local Appdata%\Microsoft\Windows\912\WSManHTTPConfig.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Dropper.Dapato, Trojan, WSMANHTTPCONFIG.EXE

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.