LIB32WAOI.EXE is Worm Roxin
The file LIB32WAOI.EXE is a computer worm.
The worm LIB32WAOI.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the LIB32WAOI.EXE problem as soon as possible!
Delete the file LIB32WAOI.EXE from all infected computers in your network.
Set up your network firewall against LIB32WAOI.EXE intervention.
Malware Analysis of LIB32WAOI.EXE
Full path on a computer: %SysDir%\lib32waoi.exe
Detected by UnHackMe:
LIB32WAOI.EXE
Default location: %SysDir%\lib32waoi.exe
Removal Results: Success
Number of reboot: 1
LIB32WAOI.EXE is known as:
Worm.Roxin
LIB32WAOI.EXE hash:
- MD5: 8670306330e04554cb67fc47c7021411
The file tries to download information from some web sites.
How to quickly detect LIB32WAOI.EXE presence?
Registry:
Files:
Registry:- HKLM\System\CurrentControlSet\Services\Tcpz-x86\ImagePath: “\??\C:\Tcpz-x86.sys”
- HKLM\System\CurrentControlSet\Services\Tcpz-x86\DisplayName: “Tcpz-x86″
- HKLM\System\CurrentControlSet\Services\WapdSvc\ImagePath: “%WinDir%\System32\lib32wapd.exe”
- HKLM\System\CurrentControlSet\Services\WapdSvc\DisplayName: “Windows Project Drinking”
- HKLM\System\CurrentControlSet\Services\WapdSvc\Description: “Optical sensors monitor the atmosphere to detect the atmosphere of light and adjust the brightness of the display changes”
Files:- %SysDir%\IKMORTV.exe
- %SysDir%\lib32waoi.exe
- %SysDir%\lib32wapd.exe
Recommended: UnHackMe anti-rootkit and anti-malware
Premium software: RegRun Security Suite (Good choice for removal and protection)
