What is av_md.exe, How to remove av_md.exe


av_md.exe is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: av_md
Filename: av_md.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | av_md
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | av_md

Command:

%WinDir%\system32\av_md.exe
%UserProfile%\av_md.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 – HKCU\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe
O4 – HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User ‘Default user’)

DDS Line:

mRun: [av_md] C:\WINDOWS\system32\av_md.exe
uRun: [av_md] C:\Documents and Settings\user\av_md.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“av_md”=C:\WINDOWS\system32\av_md.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“av_md”=C:\Documents and Settings\user\av_md.exe

Description: trojan also known as Trojan.Pandex [Symantec], Backdoor.Win32.HareBot.alo [Kaspersky Lab], Mal/Generic-A [Sophos]

How to remove: use HijackThis + Kaspersky virus removal tool

Leave a Reply