WINDOWS32.EXE is Trojan Dapato

June 16, 2012 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

We checked up the file WINDOWS32.EXE and found it hazardous.
The file WINDOWS32.EXE must be deleted from the system immediately.
Kill the process WINDOWS32.EXE and remove WINDOWS32.EXE from the Windows startup.

Malware Analysis of WINDOWS32.EXE
Full path on a computer: %Local Appdata%\Windows32.exe

Detected by UnHackMe:

WINDOWS32.EXE
Default location: %Local Appdata%\Windows32.exe

Removal Results: Success
Number of reboot: 1

WINDOWS32.EXE is known as:

Trojan.Dapato

WINDOWS32.EXE hash:

  • MD5: 65241869d248f08b1b5e5fb827dee1cb
The file tries to connect to the dangerous web site.
How to quickly detect WINDOWS32.EXE presence?

Registry:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows32: “%Local Appdata%\Windows32.exe”
Files:
  • %Local Appdata%\Windows32.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Dapato, Trojan, Windows32.exe

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.