winserv.ila - Dangerous
%windir%\winserv.ila
Manual removal instructions:
Antivirus Report of %windir%\winserv.ila:
%windir%\winserv.ila
Mass mailing worm W32.Nodmin@mm.
Adds the value:
"Winserv" = "%Windows%\Winserv.ila"
to the Windows startup registry keys.
Related files:
# %System%\kbdbg.exe
# %System%\bgHacKeR$.exe
# %System%\mymind.exe
# %System%\open.exe
# %System%\Q-We are the champions.exe
# %System%\Microsoft SuxX.exe
# %Windows%\winserv.ila
# C:\free01.exe
# C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sservice.ila
# C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lservice.exe
Changes file associations.
Modifies HOSTS file.
Lowers security settings by modifying the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = regedit.exe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1803 = 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804 = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803 = 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804 = 1
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\5.0\Mail\Warn on Mapi Send = 0
Remove it from Windows startup.
Restore HOSTS file.
%windir%\winserv.ila | Malware |
%windir%\winserv.ila | Dangerous |
%windir%\winserv.ila | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.