{"id":11869,"date":"2012-03-16T07:07:33","date_gmt":"2012-03-16T03:07:33","guid":{"rendered":"http:\/\/greatis.com\/blog\/how-to-remove-malware\/_ex-68-exe-2.htm"},"modified":"2012-03-16T07:07:33","modified_gmt":"2012-03-16T03:07:33","slug":"_ex-68-exe-2","status":"publish","type":"post","link":"https:\/\/greatis.com\/blog\/rootkit\/_ex-68-exe-2.htm","title":{"rendered":"_EX-68.EXE is Rootkit MalOb-JI"},"content":{"rendered":"
<\/div>

Rootkit _EX-68.EXE<\/b> is software that enables continued privileged access to a computer while actively hiding its presence.
\nDetection and removal of _EX-68.EXE<\/b> may be a very difficult process.
\nYou should use anti-rootkit software to fix the _EX-68.EXE<\/b> problem.<\/p>\n

Malware Analysis of _EX-68.EXE
\nFull path on a computer: %WinDir%\\Temp\\_ex-68.exe<\/h2>\n
\n

Detected by UnHackMe<\/a>:<\/h3>\n

Item Name: MozillaAgent
\nAuthor: ROiASiLTI
\nRelated File: %WinDir%\\TEMP\\_EX-68.EXE
\nType: Registry Run<\/p>\n

Item Name: _ex-68.exe
\nAuthor: ROiASiLTI
\nRelated File: %WinDir%\\TEMP\\_EX-68.EXE
\nType: Running Processes<\/p>

<\/div>\n

After first reboot detected by UnHackMe<\/a>:<\/h3>\n

Item Name: NPF
\nAuthor: CACE Technologies, Inc.
\nRelated File: %SYSDIR%\\DRIVERS\\NPF.SYS
\nType: Services detected by Partizan<\/p>\n

Removal Results: Success
\nNumber of reboot: 1<\/h3>\n<\/div>\n
\n

_EX-68.EXE<\/strong> is known as:<\/h3>\n

Rootkit.MalOb-JI<\/p>\n

_EX-68.EXE<\/strong> hash:<\/h3>\n