How to remove $R8E3ZFV.exe

$R8E3ZFV.exe

The module $R8E3ZFV.exe has been detected as Trojan.Agent

$R8E3ZFV.exe
Remove $R8E3ZFV.exe

File Details

Product Name:

KMSAuto Lite
Company Name:

Ratiborus, MSFree Inc.
MD5: c881a08d2dbdbef67d29d6c89c7a8742
Size: 1 MB
First Published: 2017-05-27 18:06:37 (7 years ago)
Latest Published: 2022-02-08 21:43:37 (2 years ago)
Status: Trojan.Agent (on last analysis)
Analysis Date: 2022-02-08 21:43:37 (2 years ago)

Common Places:

%sysdrive%\windows
%profile%\downloads\[ms office professional plus 2010] x32,x64 포함,정품인증툴 포함\정품인증\kmsauto lite 1.1.6 portable
%temp%\rarsfx0
%windir%
%sysdrive%\программы\kmsauto 1.1.6 w10.zip
%sysdrive%\$recycle.bin
%temp%
%desktop%\برامج اساسية ومهمة للجهاز 2020\auto.lite.1.1.6.portable افضل تفعيل للويندوز والاوفيس 2018.rar\auto.lite.1.1.6.portable
%sysdrive%\moje dokumenty\aktywatory\paczka aktywatorów window i office [marzec2015]\mtcpmar2015.rar\mtcpmar2015\microsoft.toolkit.collection.pack.march2015
%sysdrive%\flashdisk yoyo\penting\usb flashdisk\mtkp_2015.rar\microsoft.toolkit.collection.pack.march2015

File Names:

KMSAuto.exe
$R8E3ZFV.exe

Geography:

60.5%
20.7%
5.7%
5.4%
1.1%
1.1%
0.8%
0.8%
0.8%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%

OS Version:

Windows 7 53.8%
Windows 10 31.9%
Windows 8.1 11.9%
Windows 8 1.2%
Windows Server 2008 R2 0.8%
Windows Embedded 8.1 0.4%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00001000

PE Sections:

Name Size of data MD5
.code 92672 9f649fba608bc7b071b7b42ef8592d5b
.text 307200 d98be557f11df82b67d643c7734bc6d4
.rdata 35840 8421f7083bec4fd5e9707a2ebc8d6ed4
.data 1590272 46c95498a1ab5823aa96f2dc8de5e3ff
.rsrc 45568 953c6c06e7ac06b1b1ae36bff45c48c6

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for $R8E3ZFV.exe
copyright for information about $R8E3ZFV.exe