00000008.@ is Rootkit ZeroAccess

May 31, 2012 by NightWatcher
Filed under: Rootkit 
: Solved!

Fix it immediately:

Rootkit 00000008.@ is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of 00000008.@ may be a very difficult process.
You should use anti-rootkit software to fix the 00000008.@ problem.

Malware Analysis of 00000008.@
Full path on a computer: :\WINDOWS\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\00000008.@

Detected by RegRun Warrior:

00000008.@
Default location: :\WINDOWS\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\00000008.@

Removal Results: Success
Number of reboot: 1

00000008.@ is known as:

Rootkit.ZeroAccess, , Tool.BtcMine, Trojan.Sirefef

00000008.@ hash:

  • MD5: 72ced4cebd0baa4692f241e47e6836b2
How to quickly detect 00000008.@ presence?

Registry:
  • HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\: “\\.\globalroot\systemroot\Installer\{b191330c-415d-5883-57c7-9de300728739}\n.”
Folders:
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\L
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\U
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\L
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U
Files:
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\@
  • %Local Appdata%\{b191330c-415d-5883-57c7-9de300728739}\n
  • %WinDir%\assembly\GAC\Desktop.ini
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\L\00000004.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\n
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\00000004.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\00000008.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\000000cb.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\80000000.@
  • %WinDir%\Installer\{b191330c-415d-5883-57c7-9de300728739}\U\80000032.@


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: 00000008.@, Rootkit, ZeroAccess

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.