uwyrl.exe - Dangerous
%sysdir%\uwyrl.exe
Manual removal instructions:
Antivirus Report of %sysdir%\uwyrl.exe:
%sysdir%\uwyrl.exe
Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (as described in Microsoft Security Bulletin MS05-001).
Creates the following files:
* %System%\uwyrl.exe
* %System%\uwyrl.dll
Adds to Windows startup.
Downloads data from the searchproject.net domain, using an ADODB object, and saves the data as My.hta in the following folders:
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
* C:\Documents and Settings\All Users\Menu Inicio\Programas\Inicio
* C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage
* C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
* C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
* C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
* C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
* C:\Documents and Settings\All Users\Kaynnista-valikko\Ohjelmat\Kaynnistys
* C:\Documents and Settings\All Users\Start Menu\Programlar\BASLANGIC
* C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
* C:\Documents and Settings\All Users\Start-menyn\Program\Autostart
* C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iniciar
* C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart
| %sysdir%\uwyrl.exe | Malware |
| %sysdir%\uwyrl.exe | Dangerous |
| %sysdir%\uwyrl.exe | High Risk |
Creates the following files:
* %System%\uwyrl.exe
* %System%\uwyrl.dll
Adds to Windows startup.
Downloads data from the searchproject.net domain, using an ADODB object, and saves the data as My.hta in the following folders:
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
* C:\Documents and Settings\All Users\Menu Inicio\Programas\Inicio
* C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage
* C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
* C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
* C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
* C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
* C:\Documents and Settings\All Users\Kaynnista-valikko\Ohjelmat\Kaynnistys
* C:\Documents and Settings\All Users\Start Menu\Programlar\BASLANGIC
* C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
* C:\Documents and Settings\All Users\Start-menyn\Program\Autostart
* C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iniciar
* C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.