What is photo_id.exe, How to remove photo_id.exe


photo_id.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: photo_id
Filename: photo_id.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | photo_id

Command:

C:\WINDOWS\system32\photo_id.exe
%UserProfile%\photo_id.exe
C:\WINDOWS\system32\config\systemprofile\photo_id.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category:
HijackThis Line:

O4 - HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 - HKCU\..\Run: [photo_id] C:\Documents and Settings\user\photo_id.exe
O4 - HKUS\S-1-5-18\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User 'Default user')

DDS Line:

mRun: [photo_id] C:\WINDOWS\system32\photo_id.exe
uRun: [photo_id] C:\Documents and Settings\user\photo_id.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"photo_id"=C:\WINDOWS\system32\photo_id.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"photo_id"=C:\Documents and Settings\user\photo_id.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware
