KNYXI.EXE is Worm Palevo

February 2, 2012 by NightWatcher
Filed under: Worm 
: Solved!

Fix it immediately:

The file KNYXI.EXE is a computer worm.
The worm KNYXI.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the KNYXI.EXE problem as soon as possible!
Delete the file KNYXI.EXE from all infected computers in your network.
Set up your network firewall against KNYXI.EXE intervention.

Malware Analysis of KNYXI.EXE
Full path on a computer: %UserProfile%\knyxi.exe

Detected by RegRun Warrior:

KNYXI.EXE
Default location: %UserProfile%\knyxi.exe

Removal Results: Success
Number of reboot: 1

KNYXI.EXE is known as:

Worm.Palevo, Trojan.Rimecud, TrojWare.Kryptik

KNYXI.EXE hash:

  • MD5: b539100c2e4875a0dec51b9dbf5e9ce1
How to quickly detect KNYXI.EXE presence?

Registry:
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman = “%UserProfile%\knyxi.exe”
Files:
  • %UserProfile%\knyxi.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: KNYXI.EXE, Palevo, Worm

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.