TWR11.EXE is worm Koobface

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved!
5 Stars (5 / 5)


The file TWR11.EXE is a computer worm.
The worm TWR11.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the TWR11.EXE problem as soon as possible!
Delete the file TWR11.EXE from all infected computers in your network.
Set up your network firewall against TWR11.EXE intervention.

Malware Analysis of TWR11.EXE
Full path on a computer: %Temp%\twr11.exe

Detected by UnHackMe:

Item Name: twr
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TWR11.EXE
Type: Registry Run

Item Name: twr11.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\TWR11.EXE
Type: Running Processes

Item Name: stldr
Author: Windows Service
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\STLDR1.EXE
Type: Registry Run

Item Name: lolsb
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LOLSBM2.EXE
Type: Registry Run

Item Name: stldr1.exe
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\STLDR1.EXE
Type: Running Processes

Item Name: lolsbm2.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LOLSBM2.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

TWR11.EXE is known as:

Worm.Koobface

TWR11.EXE hash:

  • MD5: 5aa8227ce157d51580d79b86e0c0f718
  • SHA1: 37e7bc94c3085547d3a9f1f8c498e06edc5c11ed
How to quickly detect TWR11.EXE presence? 

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\stldr: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\stldr1.exe”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\twr: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\twr11.exe”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lolsb: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lolsbm2.exe”
Files:
  • %Temp%\123.tmp
  • %Temp%\fc2blog3.exe
  • %Temp%\ffreg1.exe
  • %Temp%\ftppost2.exe
  • %Temp%\gmreg2.exe
  • %Temp%\lolsbm2.exe
  • %Temp%\stldr1.exe
  • %Temp%\tum1.exe
  • %Temp%\twr11.exe
  • %Temp%\tx1.tmp
  • %Temp%\tx2.tmp
  • %Temp%\tx3.tmp
  • %Temp%\tx4.tmp
  • %Temp%\tx5.tmp
  • %Temp%\tx6.tmp
  • %Temp%\tx7.tmp

UnHackMe removes malware invisible for your antivirus!

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for sometime. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

Leave a Reply