XD11.EXE is Worm Dorkbot
The file XD11.EXE is malware related.
You must delete the file XD11.EXE immediately!
Delete the file XD11.EXE without delay!
Kill the process XD11.EXE and remove XD11.EXE from the Windows startup.
Malware Analysis of XD11.EXE
Full path on a computer: %Startup%\xd11.exe
Detected by UnHackMe:
Item Name: 1.exe
Author: Unknown
Related File: %APPDATA%\1.EXE
Type: Detected using Heuristic Algorithm
Item Name: 3.exe
Author: Unknown
Related File: %APPDATA%\3.EXE
Type: Detected using Heuristic Algorithm
Item Name: Microsoft DLL Registration
Author: Unknown
Related File: %APPDATA%\REGSRV15.EXE
Type: Registry Run
Item Name: xd11.exe
Author: Unknown
Related File: %STARTUP%\XD11.EXE
Type: Startup Folder
Item Name: 2.exe
Author: Unknown
Related File: %APPDATA%\2.EXE
Type: Detected using Heuristic Algorithm
Item Name: regsrv14.exe
Author: Unknown
Related File: %APPDATA%\REGSRV14.EXE
Type: Detected using Heuristic Algorithm
Item Name: regsrv15.exe
Author: Unknown
Related File: %APPDATA%\REGSRV15.EXE
Type: Detected using Heuristic Algorithm
After first reboot detected by UnHackMe:
Item Name: Cyzqzs
Author: Unknown
Related File: %APPDATA%\CYZQZS.EXE
Type: Registry Run
Item Name: Cyzqzs.exe
Author: Unknown
Related File: %APPDATA%\CYZQZS.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 2
XD11.EXE is known as:
Worm.Dorkbot, Trojan.Vicenor, Trojan.Kryptik, Trojan.ADH, Trojan.Buzus, BackDoor.IRC.NgrBot
XD11.EXE hash:
- MD5: 293eda46a0ca5b473f310ffa3024dd05
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Cyzqzs: “%Appdata%\Cyzqzs.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration: “%Appdata%\regsrv14.exe”
Files:- %Appdata%\1.exe
- %Appdata%\2.exe
- %Appdata%\3.exe
- %Appdata%\Cyzqzs.exe
- %Appdata%\regsrv14.exe
- %Appdata%\regsrv15.exe
- %Startup%\xd11.exe
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
