Trojan.Win32.Generic
Risk Level 1
 
File Size : 766211 KB
File Type : Portable Executable file
File Name : Zakk.exe
MD5 : fe45989a7ec82052d1033c83b0f94021
SHA1 : 3f27ef716fd0df2be0a33ff023eac90732537122
SHA256 : 31ad99f1aed58dd210ab82bb6fed51aeeb090ebe8bb6a595f3

General information:

* File name: C:\Users\vmware\Desktop\malware\Zakk.exe

Changes to registry :

* Modifies value "(Default)=C:\windows\svchost.exe "%1" %*" in key HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
binary data=43003A005C00770069006E0064006F00770073005C0073007600630068006F00730074002E0065007800650020002200250031002200200025002A000000
old value "(Default)="%1" %*"
binary data=2200250031002200200025002A000000
* Deletes Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "Microsoft=C:\windows\svchost.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00770069006E0064006F00770073005C0073007600630068006F00730074002E006500780065000000
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "Version=000003E9" in key HKEY_LOCAL_MACHINE\software\mysoft
* Creates value "con=0&0" in key HKEY_LOCAL_MACHINE\software\mysoft
binary data=3000260030000000
* Modifies value "HideFileExt=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value empty

Changes to filesystem:

* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\HEXDIVE.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MAEC\bsa_to_maec.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\NetworkMinerConsole.exe
* Modifies file C:\bsa\PCAP\TCPRECON.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\bsa\PEID.EXE
* Modifies file C:\bsa\R3S32.EXE
* Modifies file C:\bsa\R3S64.EXE
* Modifies file C:\bsa\SIGNSRCH.EXE
* Creates file (hidden) C:\windows\svchost.exe
* Creates file C:\windows\temp\ssshost.exe

Network services:

* Queries DNS "youda2000.vicp.net".
* Queries DNS "dns.msftncsi.com".

Process/window/string information:

* Gets input locale identifiers.
* Gets computer name.
* Checks for debuggers.
* Enables privilege SeDebugPrivilege.
* Enumerates running processes.
* Creates process "c:\windows\temp\ssshost.exe, c:\windows\temp\ssshost.exe, .".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\windows\temp\ssshost.exe".
* Creates process "null, C:\Windows\svchost.exe, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\windows\svchost.exe".
* Creates a mutex "Local\HGFSMUTEX".
* Enables process privileges.
* Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
* Contains string Checked for Symantec security software presence ("IAMAPP.EXE")
* Contains string Checked for Iparmor security software presence ("IPARMOR.EXE")
* Contains string Checked for Kaspersky security software presence ("KAV.EXE")
* Contains string Checked for Kaspersky security software presence ("KAVPFW.EXE")
* Contains string Checked for Jiangmin security software presence ("KVFW.EXE")
* Contains string Checked for Symantec security software presence ("NMAIN.EXE")
* Contains string Checked for SkyNet PFW software presence ("PFW.EXE")
* Contains string Checked for Task Manager software presence ("TASKMGR.EXE")
* Sleeps 191 seconds.

Additional Information:

How To Remove Zakk.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where Zakk.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
