How to remove cmd.exe
cmd.exe
The module cmd.exe has been detected as Backdoor.Gen
File Details
| Product Name: | Windows system files |
| Company Name: | Windows system files Inc. |
| MD5: | 1904002dd69fb05d62774c9fefbe86c3 |
| Size: | 161 KB |
| First Published: | 2017-07-22 18:12:40 (7 years ago) |
| Latest Published: | 2018-08-22 10:11:19 (6 years ago) |
| Status: | Backdoor.Gen (on last analysis) | |
| Analysis Date: | 2018-08-22 10:11:19 (6 years ago) |
Common Places:
| %sysdrive%\windows |
| %system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\62axopq5 |
| %system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\fzg8ckj5 |
| %system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\lixmvqoa |
| %system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5 |
| %windir% |
File Names:
| iexplore.exe |
| cmd.exe |
| iexplore[1].exe |
| service[1].exe |
| cmd[1].exe |
| qkqbuwmwf.exe |
| service.exe |
Geography:
| 71.4% | ||
| 14.3% | ||
| 9.5% | ||
| 4.8% |
OS Version:
| Windows 7 | 100.0% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x00014300 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 116224 | ec88d417aa17dc685d4deeb7a937bc6b |
| .rdata | 13824 | 814eef5f103f4995fae7d055b8d65d73 |
| .data | 31744 | 4a773c13fe586c6efb344eea88a3fbdc |
| .rsrc | 2048 | 544e7c992d46b4bc372ecf7efb858d63 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for cmd.exe
