Tuesday, July 3, 2012

WATERMARK.EXE is Trojan Lebag

This time we want to draw your attention to WATERMARK.EXE file, if you detect it, it means that some parasite roots on your computer. The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center. Its presence can cause different serious problems, so do not ignore it. It should be removed at once upon disclosure.
Kill the process WATERMARK.EXE and remove WATERMARK.EXE from the Windows startup.


The short report of this malware analysis

Item Name: UserInit
Author: Unknown
Related File: c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
Type: UserInit Value
WATERMARK.EXE is known under the name of Trojan.Lebag, Trojan.Ramnit

In the process of installation it adds the following registry entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe”

The files are caused by this malware

%Program Files%\Microsoft\WaterMark.exe
In order to neutralize this malicious activity, we recommend you to launch GridinSoft Trojan Killer, a reputable antivirus tool. It will remove this unwanted file and check your computer system for other insecure stuff.

WATERMARK.EXE file remover:

malware removal tool

No comments:

Post a Comment