AS.EXE is trojan LockScreen

September 22, 2011 by NightWatcher
Filed under: Ransomware 
: Solved!

You should Download Removal Tool here...

The file AS.EXE is malware related.
You must delete the file AS.EXE immediately!
Delete the file AS.EXE without delay!
Kill the process AS.EXE and remove AS.EXE from the Windows startup.

Malware Analysis of AS.EXE
Full path on a computer: %WinDir%\Temp\as.exe

Detected by RegRun Warrior:

Item Name: userinit.exe
Author: Gusto Hubs
Related File: %WinDir%\TEMP\AS.EXE
Type: Image Executions Debugger

Item Name: s5ch0st
Author:
Related File: %WinDir%\TEMP\AS.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1

AS.EXE is known as:

Backdoor.ZAccess, Trojan.DoubleEagle, Trojan.LockScreen

AS.EXE hash:

  • MD5: 4824c51bd9d5027cd84f83016601a0e9
  • SHA1: 70f72ff0751263b9e8faf1b94c27ba52cb9325a3
How to quickly detect AS.EXE presence? 

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\s5ch0st: “%WinDir%\Temp\as.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\s5ch0st: “%WinDir%\Temp\as.exe”
Files:
  • %WinDir%\Temp\as.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.