msinfo.exe - Dangerous


Manual removal instructions:

Antivirus Report of msinfo.exe: Malware, Dangerous, High Risk
Backdoor.IRC.Aladinz.M is a backdoor Trojan horse that uses malicious scripts in the mIRC client software, allowing unauthorized remote access.

When it is executed, it performs the following actions:
Creates several files in %System32%\Wbem\Mof\Good\System:
@ - clean text log file
conn.dll - clean IRC dll file
csrss.dll - malicious IRC script detected as IRC Trojan
and others.

Attempts to copy itself as the following files:
C:\wupd.exe
%System32%\msinfo.exe

Adds the values:
"MSInfo" = "msinfo.exe"
"MSUpdate" = "wupd.exe"
to the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and the value "MSInfo" = "msinfo.exe" to the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Disables DCOM support by setting the value:
"EnableDCOM" = "N"
in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM

Allows a remote attacker to control the computer. The functions provided include:

Retrieving information about the computer.
Stopping and restarting the Trojan.
Downloading and running files.
Scanning hosts for vulnerabilities using Remacc.Dwremote.
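
A read-only check for the file and registry changes listed above, written as an added PowerShell example (not part of the original write-up or of any vendor tool). It assumes it runs in the affected user's session, since the Run keys are under HKEY_CURRENT_USER, and it reads EnableDCOM as a value under the ...\Microsoft\OLE key.

```powershell
# Read-only triage for the indicators listed on this page (added example).
# Nothing is deleted or modified; the script only reports what it finds.
$sys32 = Join-Path $env:SystemRoot 'System32'

# File-system indicators, taken from the description above.
$paths = @(
    'C:\wupd.exe',
    (Join-Path $sys32 'msinfo.exe'),
    (Join-Path $sys32 'Wbem\Mof\Good\System')
)

# Autostart values: registry key, value name, and the data the Trojan writes.
$runValues = @(
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';         Name = 'MSInfo';   Data = 'msinfo.exe' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';         Name = 'MSUpdate'; Data = 'wupd.exe' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'MSInfo';   Data = 'msinfo.exe' }
)

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = 'present' }
    }
}

foreach ($v in $runValues) {
    $data = Get-RegValue $v.Key $v.Name
    # Match on the file name so a full path to the same binary is also caught.
    if ($data -and $data -like "*$($v.Data)*") {
        $findings += [pscustomobject]@{ Type = 'Autostart'; Location = "$($v.Key)\$($v.Name)"; Detail = $data }
    }
}

# Assumption: EnableDCOM is read as a value under the ...\Microsoft\OLE key.
$dcom = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\OLE' 'EnableDCOM'
if ($dcom -eq 'N') {
    $findings += [pscustomobject]@{ Type = 'Setting'; Location = 'HKLM:\SOFTWARE\Microsoft\OLE\EnableDCOM'; Detail = 'N (DCOM disabled)' }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No indicators from this page were found.' }
```

A hit on EnableDCOM alone is weak evidence, because DCOM can also be turned off deliberately by an administrator. Weigh it together with the file and autostart findings.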

Set the "EnableDCOM" value to "Y" in the system registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM

Then use RegRun Startup Optimizer to remove it from startup.


Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
