microsoftpowerpoint.exe - Dangerous
microsoftpowerpoint.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Related files:
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\2.mp3 (56,467 bytes) --> Media file
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\drivelist.txt (72 bytes) --> List of drives it tries to replicate
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\Icon.ico (318 bytes) --> Icon file
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\Install.txt (8,743 bytes) --> AutoHotKey Script
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\pathlist.txt (varies) --> List of drives worm is copied to
%Temp%\MicrosoftPowerPoint\MicrosoftPowerPoint\svchost.exe (239,104 bytes) --> Copy of worm
c:\heap41a\2.mp3 (56,467 bytes) --> Media file played when alert box is displayed
c:\heap41a\drivelist.txt (72 bytes) --> List of drives to scan for
c:\heap41a\Icon.ico (318 bytes) --> Icon file
c:\heap41a\reproduce.txt (834 bytes) -->AutoHotKey Script for registry manipulation
c:\heap41a\script1.txt (3,588 bytes) --> AutoHotKey Script for Messagebox creation
c:\heap41a\std.txt (439 bytes) --> AutoHotKey Script for registry manipulation / run other scripts
c:\heap41a\svchost.exe (239,104 bytes) --> Copy of worm
c:\heap41a\offspring\autorun.inf (21 bytes) --> used to autorun the worm when the drive is accessed
Kill the process microsoftpowerpoint.exe and remove microsoftpowerpoint.exe from Windows startup.