What is av_md.exe, How to remove av_md.exe
av_md.exe is a harmful program.
It is a component of malware or spyware; you should remove it immediately using an antivirus and antispyware program. If that does not help, ask us for help in the Spyware removal forum.
Name: av_md
Filename: av_md.exe
Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | av_md
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | av_md
Command:
%WinDir%\system32\av_md.exe
%UserProfile%\av_md.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe
O4 - HKUS\S-1-5-18\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [av_md] C:\Documents and Settings\user\av_md.exe (User 'Default user')
DDS Line:
mRun: [av_md] C:\WINDOWS\system32\av_md.exe
uRun: [av_md] C:\Documents and Settings\user\av_md.exe
Combofix/RSIT Line:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\WINDOWS\system32\av_md.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"av_md"=C:\Documents and Settings\user\av_md.exe
Description: trojan also known as Trojan.Pandex [Symantec], Backdoor.Win32.HareBot.alo [Kaspersky Lab], Mal/Generic-A [Sophos]
How to remove: use HijackThis + Kaspersky virus removal tool